PT-2002-2691 · Sourcefire · Snortcenter
Published: 2002-12-31 · Updated: 2008-09-05 · CVE-2002-1970
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
SnortCenter version 0.9.5
Description
When SnortCenter is configured to push Snort rules, it stores the rules in a temporary file with world-readable and world-writable permissions. This allows local users to obtain the usernames and passwords for the alert database servers.
Recommendations
For SnortCenter version 0.9.5, consider changing the permissions of the temporary file used to store Snort rules so that it is no longer world-readable or world-writable until a patch is available. As a temporary workaround, restrict access to that file to minimize the risk of exploitation.
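One way to apply this workaround, as an added example that is not taken from the advisory or from SnortCenter: the functions below find files that are readable or writable by "other" in a directory, restrict them to the owner, and show how such a file can be created privately in the first place. The directory argument, the function names and the sample file contents are assumptions, since the advisory does not name the temporary file.

```shell
#!/bin/sh
# Added example. The directory passed in is an assumption: the advisory does
# not name the temporary file SnortCenter writes, so point this at the
# directory where your installation stages pushed rules.

# Print regular files under DIR whose mode grants read or write to "other".
list_world_accessible() {
    find "$1" -type f \( -perm -004 -o -perm -002 \) -print
}

# Number of such files under DIR.
count_world_accessible() {
    list_world_accessible "$1" | wc -l | tr -d ' '
}

# Restrict every such file under DIR to its owner (mode 0600) and report it.
lock_down() {
    list_world_accessible "$1" | while IFS= read -r f; do
        chmod 600 "$f" && printf 'tightened: %s\n' "$f"
    done
}

# How a staging file should be created in the first place: mktemp creates it
# with mode 0600 and an unpredictable name.
new_private_file() {
    mktemp "$1/rules.XXXXXX"
}

# Constructed demonstration on a scratch directory (sample data, not real rules).
demo() {
    dir=$(mktemp -d) || return 1
    printf 'output database: log, mysql, user=EXAMPLE password=EXAMPLE\n' > "$dir/rules.tmp"
    chmod 666 "$dir/rules.tmp"            # the permissions the advisory describes
    echo "before: $(count_world_accessible "$dir") exposed file(s)"
    lock_down "$dir"
    new_private_file "$dir" >/dev/null
    echo "after:  $(count_world_accessible "$dir") exposed file(s)"
    rm -rf "$dir"
}

demo
```

Tightening the mode after the fact only helps if the file is owned by the account SnortCenter runs as, and the file may be recreated with the old permissions on the next rule push, so the check is worth repeating.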
Affected Products
Snortcenter