CVE-2020-8447

Name of the Vulnerable Software and Affected Versions OSSEC-HIDS versions 2.7 through 3.5.0

Description The server component responsible for log analysis, ossec-analysisd, is vulnerable to a use-after-free during processing of syscheck formatted msgs. These messages are received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted.

Recommendations For OSSEC-HIDS versions 2.7 through 3.5.0, consider disabling the ossec-analysisd component temporarily until a patch is available to prevent potential exploitation. Restrict access to the ossec-remoted component to minimize the risk of receiving malicious syscheck formatted msgs.