FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

security/ossec-hids-* -- root escalation via temp files

Affected packages
ossec-hids-client < 2.8.1
ossec-hids-local < 2.8.1
ossec-hids-server < 2.8.1

Details

VuXML ID 36858e78-3963-11e4-ad84-000c29f6ae42
Discovery 2014-09-09
Entry 2014-09-11

OSSEC reports:

This correction will create the temp file for the hosts deny file in /var/ossec and will use mktemp where available to create a NON-predictable temp file name. In cases where mktemp is not available we have written a BAD version of mktemp, but should be a little better than just process id.
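
The pattern the fix describes, sketched as an added example (not OSSEC's code and not part of the advisory): stage the rewritten deny list in a directory only root can write to, use mktemp when present, and otherwise fall back to a random name created exclusively. The function names, the "ALL:IP" line format, and the NO_MKTEMP test switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not OSSEC code. WORK_DIR stands in for a directory only
# root can write to (the advisory names /var/ossec); NO_MKTEMP is a
# hypothetical switch that forces the fallback path for testing.

# Weak pattern the fix replaces: a name derived only from the process id,
# e.g. "hosts.deny.$$", which another local user can guess in advance.

# make_tmp DIR: create a new, empty 0600 file in DIR and print its path.
make_tmp() {
    dir=$1
    if [ -z "${NO_MKTEMP:-}" ] && command -v mktemp >/dev/null 2>&1; then
        mktemp "$dir/hosts.deny.XXXXXXXXXX"
        return
    fi
    # Fallback: random suffix from the kernel, created under noclobber so
    # the redirect fails instead of reusing a name that already exists.
    tries=0
    while [ "$tries" -lt 10 ]; do
        suffix=$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')
        candidate="$dir/hosts.deny.$suffix"
        if (umask 077; set -C; : > "$candidate") 2>/dev/null; then
            printf '%s\n' "$candidate"
            return 0
        fi
        tries=$((tries + 1))
    done
    return 1
}

# remove_entry FILE IP WORK_DIR: delete the exact line "ALL:IP" from FILE,
# staging the result in WORK_DIR and copying it back so FILE keeps its mode.
remove_entry() {
    file=$1 ip=$2 work_dir=$3
    tmp=$(make_tmp "$work_dir") || return 1
    # grep exits 1 when nothing is left to print; only >1 is a real error.
    grep -v -x -F "ALL:$ip" "$file" > "$tmp" || [ "$?" -eq 1 ] ||
        { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"
    rm -f "$tmp"
}
```

The safety of the staging step depends on WORK_DIR not being writable by unprivileged users; an unpredictable name only narrows the window when the directory is shared.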

References

CVE Name CVE-2014-5284
URL http://www.ossec.net/?p=1135