PT-2020-20145 · Trend Micro · Ossec-Hids
Published: 2020-01-30 · Updated: 2022-09-12 · CVE-2020-8445
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
OSSEC-HIDS versions 2.7 through 3.5.0
Description
The issue arises from the OS_CleanMSG function in ossec-analysisd, which does not remove or encode terminal control characters or newlines in the log messages it processes. Because newlines are permitted in messages processed by ossec-analysisd, nested events can be injected into the ossec log. Terminal control characters may allow events to be obfuscated, or commands to be executed when the log is viewed through vulnerable terminal emulators. For certain types and origins of logged data, this may result in an unauthenticated remote attack.
Recommendations
For OSSEC-HIDS versions 2.7 through 3.5.0, consider disabling the OS_CleanMSG function in ossec-analysisd or restricting the use of terminal control characters and newlines in log messages until a patch is available. Restrict access to the ossec log to minimize the risk of exploitation. Avoid using vulnerable terminal emulators to view log messages until the issue is resolved.
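The encoding step that the description says is missing, and that the recommendation to restrict control characters and newlines calls for, shown as an added example (not OSSEC's code or its patch): a C routine that rewrites newlines, control bytes and non-ASCII bytes into visible escapes before a message is written to or read from a log. The function name `encode_log_msg` and the sample message are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not OSSEC code. Copies `in` to `out`, encoding every byte
 * that could start a new log line or drive a terminal emulator:
 *   newline -> \n, carriage return -> \r, backslash -> \\ (keeps it reversible),
 *   any other byte outside printable ASCII (ESC, DEL, 8-bit C1, ...) -> \xNN.
 * Conservative choice: UTF-8 text is encoded as \xNN as well.
 * Returns the number of bytes encoded, or -1 if `out` is too small. */
int encode_log_msg(const char *in, char *out, size_t outsz)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    int encoded = 0;

    if (outsz == 0)
        return -1;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        char buf[4] = { '\\', 0, 0, 0 };
        size_t n = 2;
        if (*p == '\\')      buf[1] = '\\';
        else if (*p == '\n') buf[1] = 'n';
        else if (*p == '\r') buf[1] = 'r';
        else if (*p < 0x20 || *p >= 0x7f) {
            buf[1] = 'x';
            buf[2] = hex[*p >> 4];
            buf[3] = hex[*p & 0x0f];
            n = 4;
        } else {
            buf[0] = (char)*p;          /* printable ASCII: copy unchanged */
            n = 1;
        }
        if (o + n >= outsz)             /* always leave room for the NUL */
            return -1;
        memcpy(out + o, buf, n);
        o += n;
        encoded += (n > 1);
    }
    out[o] = '\0';
    return encoded;
}

int main(void)
{
    /* Constructed sample: one message carrying a second "line" and an ESC sequence. */
    char out[256];
    int n = encode_log_msg("sshd: bad user bob\nsshd: Accepted password for root\x1b[0m", out, sizeof out);
    printf("%d encoded: %s\n", n, out);
    return 0;
}
```

A return value greater than zero is also a cheap detection signal: a log source that legitimately emits single-line text should rarely produce messages that need encoding.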
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Ossec-Hids