Description
host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by skynet-13 · pythonlocallinux
https://www.exploit-db.com/exploits/35234
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
https://github.com/ossec/ossec-hids/releases/tag/2.8.1
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/35234
Exploit x_refsource_misc
http://packetstormsecurity.com/files/129111/OSSEC-2.8-Privilege-Escalation.html
Scores
EPSS
0.0966
EPSS Percentile
92.9%
Details
CWE
CWE-264
Status
published
Products (1)
ossec/ossec
< 2.8.0
Published
Dec 02, 2014
Tracked Since
Feb 18, 2026