On Tue, 23 Jun 2015, [email protected] wrote:
thanks for your answer
i don't use host-deny bur only AR, and i was talking about:
CVE-2015-3222
http://www.ossec.net/?p=1198
i read "This issue does not affect agents" and for me it was not clear
if you can go for root escalation via sys check only on the server or if
you don't need to upgrade the agent.
That doesn't seem right. syscheck and corresponding diffs are run by
agents so they're directly affected.
http://osdir.com/ml/opensource-software-security/2015-06/msg00089.html
1. A vulnerable version is in use.
2. The OSSEC agent is configured to use syscheck to monitor the file
system for changes.
Antonio Querubin
e-mail: [email protected]
xmpp: [email protected]
