Analysis Console for Intrusion Databases (ACID) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'sig[1]' variable upon submission to acid_qry_main.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

The vendor has discontinued this product. However, Debian has released a patch to address this vulnerability. It is recommended that an alternate software package Basic Analysis and Security Engine (BASE) be used in its place.

• Secunia Advisory ID: 17552 17558
• CVE ID: 2005-3325 (see also: NVD)
• Related OSVDB ID: 20836
• Vendor URL: http://www.andrew.cmu.edu/user/rdanyliw/snort/snortacid.html
• Vendor Specific Advisory URL: http://www.debian.org/security/2005/dsa-893

• Remco Verhoef - remco.verhoefintershare.nl -