In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-analysisd doesn't remove or encode terminal control characters or newlines from processed log messages. In many cases, those characters are later logged. Because newlines (\n) are permitted in messages processed by ossec-analysisd, it may be possible to inject nested events into the ossec log. Use of terminal control characters may allow obfuscating events or executing commands when viewed through vulnerable terminal emulators. This may be an unauthenticated remote attack for certain types and origins of logged data.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-01-30T00:33:43
Updated: 2024-08-04T09:56:28.484Z
Reserved: 2020-01-30T00:00:00
Link: CVE-2020-8445
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-01-30T01:15:10.917
Modified: 2024-11-21T05:38:52.200
Link: CVE-2020-8445
Redhat
No data.