-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Multiple vulnerabilities were found in OSSIM < 5.0.1

> https://www.alienvault.com/forums/discussion/5127

>> AlienVault ID: ENG-99866
>> Description: Vulnerability in the asset discovery scanner makes it
>>              possible to escalate privileges so that any command
>>              inserted on the os.execute method will be launched as
>>              root.
>> AV:L
>> Attribution: Vincent Hautot at Sysdream

> OSSIM uses *sudo* to launch a nmap scan for network discovery, allowing
> privilege escalation through a specifically crafted nmap script.

> /etc/sudoers
> www-data ALL=NOPASSWD: /usr/bin/nmap

> sudo nmap --script=/tmp/exec 127.0.0.1 -p 80

Use CVE-2015-4045.


>> AlienVault ID: ENG-99865
>> Description: Vulnerability in the asset discovery scanner makes it
>>              possible to execute a command remotely to run an asset
>>              discovery scan.
>> AV:N
>> Attribution: Vincent Hautot at Sysdream

> /ossim/netscan/do_scan.php?assets[]=;ncat

> /usr/share/ossim/www/netscan/do_scan.php
> $cmd = "/usr/bin/php /usr/share/ossim/scripts/vulnmeter/remote_nmap.php '$assets_p'
> system($cmd);

Use CVE-2015-4046.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVX0aYAAoJEKllVAevmvms++gH/jGnE5Huvhpv+zb6/gRfIH2s
F6zwEm9u5/u0Hi2FfUDWFJVvBXbXyt6yEgU2lbJZQXy5d/un30PzGcdJuEvSZ4nI
8AXo4rl2zHabt5daNhGPrfQnjQIvs8nx7cM2lMp+dhRWIE4gbr10FJdlwaZWUspJ
5/CVJJoA8dEJ5302gPEYP9NJdAVGYeiPlh7CcVdPthnt6mh2tXkazhjZjz6V7mJh
oOxtPvm50WCa5vOcVqzP8XtcGq0I2HNaQLQZaSdYT2zuan6wbXp6b9sBKwsqd3xD
BMq624mQiUyiMydaO7+8ZTCCThiev0h20wcacrX83NzaLQS/jV15p+ZwnXRPMLU=
=hHfc
-----END PGP SIGNATURE-----