Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 9: 2009-4044 Moderate: Prelude Manager Database Access Issue

fedora
Calendar Grey May 2, 2009
Dist Fedora Esm H88
Fedora has implemented a new policy restricting database password access in the prelude-manager configuration to only the root user.
The configuration file of prelude-manager contains a database password and is world readable

Summary

Prelude Manager is the main program of the Prelude Hybrid IDS

suite. It is a multithreaded server which handles connections from

the Prelude sensors. It is able to register local or remote

sensors, let the operator configure them remotely, receive alerts,

and store alerts in a database or any format supported by

reporting plugins, thus providing centralized logging and

analysis. It also provides relaying capabilities for failover and

replication. The IDMEF standard is used for alert representation.

Support for filtering plugins allows you to hook in different

places in the Manager to define custom criteria for alert relaying

and logging.

Update Information:

The configuration file of prelude-manager contains a database password and is world readable. This update restricts permissions to the root account.

Topics%20covered

Topics Covered

security advisory moderate fedora permissions issue database access prelude-manager

Change Log

* Wed Apr 22 2009 Steve Grubb 0.9.14.2-2 - Adjusted permissions on dirs and conf files * Wed Sep 10 2008 Steve Grubb 0.9.14.2-1 - new upstream version - Prelude-Manager-SMTP plugin is now included * Wed May 14 2008 Steve Grubb 0.9.12.1-1 - new upstream version 0.9.12.1 * Thu Apr 24 2008 Steve Grubb 0.9.12-1 - new upstream version 0.9.12

References

Fedora Update Notification FEDORA-2009-4044 2009-04-27 20:38:45
Name : prelude-manager Product : Fedora 9 Version : 0.9.14.2 Release : 2.fc9 URL : https://prelude-ids.org/ Summary : Prelude-Manager Description : Prelude Manager is the main program of the Prelude Hybrid IDS suite. It is a multithreaded server which handles connections from the Prelude sensors. It is able to register local or remote sensors, let the operator configure them remotely, receive alerts, and store alerts in a database or any format supported by reporting plugins, thus providing centralized logging and analysis. It also provides relaying capabilities for failover and replication. The IDMEF standard is used for alert representation. Support for filtering plugins allows you to hook in different places in the Manager to define custom criteria for alert relaying and logging.

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update prelude-manager' at the command line. For more information, refer to "Managing Software with yum", available at .

Name: prelude-manager
Product: Fedora 9
Version: 0.9.14.2
Release: 2.fc9
URL: https://prelude-ids.org/
Summary: Prelude-Manager

Topics%20covered

Topics Covered

security advisory moderate fedora permissions issue database access prelude-manager

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here