PT-2020-20146 · Trend Micro · Ossec-Hids

Published 2020-01-30 · Updated 2022-09-12 · CVE-2020-8446

CVSS v3.1

5.5 Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

OSSEC-HIDS versions 2.7 through 3.5.0

Description

The server component responsible for log analysis, ossec-analysisd, is vulnerable to path traversal with write access via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user.

Recommendations

For OSSEC-HIDS versions 2.7 through 3.5.0, consider restricting access to the analysisd UNIX domain socket to prevent local users from writing crafted syscheck messages. As a temporary workaround, consider disabling the syscheck feature until a patch is available. Restrict write access to sensitive directories and files to minimize the risk of exploitation.
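
One way to verify the first recommendation on a Linux host, added here as an example and not taken from OSSEC or from this advisory: the script reports which accounts other than the expected owner and group can write to a UNIX domain socket. The socket path, expected uid/gid and the `trusted_root` parameter are assumptions supplied by the operator; POSIX ACLs and MAC policy are not evaluated.

```python
import os
import stat
import sys

def _others_can_reach(path, trusted_root):
    """True if every directory from the socket's parent up to trusted_root
    grants search (x) permission to 'other'."""
    d = os.path.dirname(os.path.abspath(path))
    root = os.path.abspath(trusted_root)
    while True:
        if not os.stat(d).st_mode & stat.S_IXOTH:
            return False
        if d == root or d == os.path.dirname(d):
            return True
        d = os.path.dirname(d)

def audit_socket(path, expected_uid, expected_gid, trusted_root="/"):
    """Return a list of findings about who can write to a UNIX domain socket."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a UNIX domain socket")
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    # The owner can always chmod the socket, so an unexpected owner is a writer.
    if st.st_uid != expected_uid:
        findings.append("unexpected-owner")
    # On Linux, sending to a UNIX socket requires write permission on its file.
    if mode & stat.S_IWGRP and st.st_gid != expected_gid:
        findings.append("unexpected-group-write")
    if mode & stat.S_IWOTH:
        # World-writable only matters if unprivileged users can traverse to it.
        reachable = _others_can_reach(path, trusted_root)
        findings.append("world-writable" if reachable
                        else "world-writable-but-unreachable")
    return findings

if __name__ == "__main__":
    # Usage: audit.py <socket path> <expected uid> <expected gid>
    # The socket path is installation-specific and is not given in the advisory.
    sock, uid, gid = sys.argv[1], int(sys.argv[2]), int(sys.argv[3])
    for finding in audit_socket(sock, uid, gid):
        print(f"{sock}: {finding}")
```

An empty result means only the expected owner and group hold write access according to the mode bits; a "world-writable-but-unreachable" finding still deserves a fix, since a later directory permission change would expose the socket.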

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2020-8446

Affected Products

Ossec-Hids