Bugtraq mailing list archives

SnortCenter 0.9.5 temp file naming problems...


From: "Clint Byrum" <cbyrum () spamaps org>
Date: Tue, 5 Nov 2002 11:04:10 -0800 (PST)

Hello. I am releasing this very late, as SnortCenter v0.9.6 has been
released for a few weeks now. This bug was discovered a couple of months
ago, but not released at the request of Stefan Dens, the author of
SnortCenter.

SnortCenter is a PHP-based tool for aggregating many snort sensors into
one place to make it easy to keep rules and configurations synchronized.
Upon choosing to "push" the rules out to a particular sensor, a file is
created in the temp directory with the same name as the sensor. So, if
your sensor is named "hal" and you push the rules out to it, on the
webserver, a file is created

/tmp/hal

with permissions 777. This means that *anyone* with access to the
SnortCenter server's /tmp directory could read the sensor config files,
among other fun /tmp games. Interesting bits in these files include the
usernames/passwords/addresses of the alert database servers.

TO FIX:

v0.9.6 has been recently released, and should be upgraded to. Also I have
attached a patch for 0.9.5 that uses a more random name (not sure of the
security of PHP4's tempnam() function), and secure permissions on the
file.

You can get v0.9.6 at SnortCenter's home page.

http://users.pandora.be/larc/

Clint Byrum
----------------------------
http://spamaps.org/
http://excellenceintech.com/

Attachment: snortcenter_v095-tmpfix.patch
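
The two file-creation patterns described in the message above, side by side, as an added example that is not part of the original post, the attached patch, or SnortCenter's code. The function names, the scratch directory and the sample config line are hypothetical, and the hardened version uses exclusive create with random_bytes() (PHP 7+) rather than the tempnam() call the post mentions.

```php
<?php
// Added example, not SnortCenter code. All names and sample data are constructed.

// Pattern described in the post: file named after the sensor, mode 0777.
function push_config_insecure(string $tmpDir, string $sensor, string $config): string
{
    $path = $tmpDir . '/' . $sensor;       // predictable name, e.g. /tmp/hal
    file_put_contents($path, $config);     // writes through a symlink planted at that name
    chmod($path, 0777);                    // every local user can read and replace it
    return $path;
}

// Hardened: unpredictable name, exclusive create, owner-only permissions.
function push_config_secure(string $tmpDir, string $config): string
{
    $oldMask = umask(0077);                // file is 0600 from the moment it exists
    try {
        for ($i = 0; $i < 10; $i++) {
            $path = $tmpDir . '/sc_' . bin2hex(random_bytes(16));
            $fh = @fopen($path, 'x');      // 'x' = O_CREAT|O_EXCL: fails if the path exists
            if ($fh === false) {
                continue;                  // collision or planted file: pick another name
            }
            fwrite($fh, $config);
            fclose($fh);
            return $path;
        }
        throw new RuntimeException('could not create temp file');
    } finally {
        umask($oldMask);                   // umask is process-wide, so always restore it
    }
}

// Constructed sample standing in for a sensor config with database credentials.
$config = "output database: log, mysql, user=snort password=EXAMPLE host=db.example.invalid\n";

// Private scratch directory so the demo does not touch the shared /tmp namespace.
$dir = sys_get_temp_dir() . '/tmpdemo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);

$weak = push_config_insecure($dir, 'hal', $config);
$safe = push_config_secure($dir, $config);
clearstatcache();
printf("insecure: %s mode %04o\n", basename($weak), fileperms($weak) & 0777);
printf("secure:   %s mode %04o\n", basename($safe), fileperms($safe) & 0777);

unlink($weak);
unlink($safe);
rmdir($dir);
```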