CVE-2020-8446
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to path traversal (with write access) via crafted syscheck messages written directly to the analysisd UNIX domain socket by a local user.
- ossec ossec 2.7
- ossec ossec 2.7.0
- ossec ossec 2.7.1
- ossec ossec 2.8.0
- ossec ossec 2.8.1
- ossec ossec 2.8.2
- ossec ossec 2.8.3
- ossec ossec 2.9.0
- ossec ossec 2.9.1
- ossec ossec 2.9.2
- ossec ossec 2.9.3
- ossec ossec 2.9.4
- ossec ossec 3.0.0
- ossec ossec 3.1.0
- ossec ossec 3.2.0
- ossec ossec 3.3.0
- ossec ossec 3.4.0
- ossec ossec 3.5.0