New version (v 1.4.3.1) of BASE available

Published: 2009-06-04
Last Updated: 2009-06-04 00:17:10 UTC
by Raul Siles (Version: 1)
2 comment(s)

A new version of BASE (v.1.4.3.1) has been released, fixing a number of XSS flaws as well as a potential SQL injection flaw that have existed through numerous releases of BASE. BASE is a web-based interface for analyzing the network intrusion data gathered by Snort. You can download the latest version here.

As these vulnerabilities were publicly announced on the Internet without prior notification to Kevin Johnson (main BASE author) or the BASE project team, I want to emphasize how important responsible full disclosure is. Especially for open-source projects, where the authors devote their own time to make the project freely available for everybody, it is fair to let them know first and give them a reasonable time to fix the vulnerability. In this case a new version was ready only a few days (6 days, to be precise) after the announcement. Not bad in my opinion.

Additionally, these flaws can be exploited with or without authentication, depending on your BASE setup. Even today, a lot of people do not require authentication to use BASE, which is a mistake. If that is your case, please act as soon as possible!

Finally, as we have seen a few times in the past, do not expose your BASE web interface to the whole Internet. Keep it private within a protected management network.
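As an added illustration (not from this diary or the BASE project), the two recommendations above expressed as Apache 2.4 configuration: the permissive setting many installs still run with, beside a corrected block that requires a login, restricts the BASE directory to a management network and forces HTTPS so the credentials are not sent in the clear. The path /var/www/html/base, the htpasswd file and the 10.10.0.0/24 network are assumed values; replace the first block with the second, do not keep both.

```apache
# Weak: the BASE directory is served to anyone who can reach the web server,
# with no login required. This is the setting the diary warns against.
<Directory "/var/www/html/base">
    Require all granted
</Directory>

# Corrected: access is granted only when ALL conditions hold:
#   - the client comes from the management network (assumed 10.10.0.0/24)
#   - the client presents valid credentials from the htpasswd file
#   - the request arrives over HTTPS (SSLRequireSSL, from mod_ssl)
# The htpasswd file is created once with: htpasswd -c /etc/apache2/base.htpasswd admin
<Directory "/var/www/html/base">
    SSLRequireSSL
    AuthType Basic
    AuthName "BASE - Snort analysis console"
    AuthUserFile /etc/apache2/base.htpasswd
    <RequireAll>
        Require ip 10.10.0.0/24
        Require valid-user
    </RequireAll>
</Directory>
```

After reloading Apache, verify the change from a host outside the management network: the BASE pages must return 403 rather than the login prompt or the console.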

--
Raul Siles
www.raulsiles.com

Keywords: BASE

Comments

Raul, thanks for the update, it was very well-timed for me. I had just installed snort for the first time on Wednesday, so I decided to give BASE a shot. It makes for a great interface to the snort mysql logger, and I already contributed a patch.

I would hope anyone running an instance of BASE has it behind some .ht* protection.
Great to hear that ;)
