Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
OSSIM 4.0.2 open-source SIEM solution does not verify .deb signatures
Nov 20 2012 01:48PM
roman fiedler ait ac at
It seems that OSSIM does not check the signature when running apt updates via network. This would allow MITM attackers to install arbitrary code when updating OSSIM. The issue seems to be already known for some time although there is no confirmation from the company AlienVault behind it. So it might...
[ more ]
Copyright 2010, SecurityFocus