-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Updated to include state_ref in test
- Loading branch information
Showing
1 changed file
with
46 additions
and
45 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,46 +1,47 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <oval-def:oval_definitions xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd"> | ||
| <oval-def:generator> | ||
| <oval:schema_version xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5">5.10</oval:schema_version> | ||
| <oval:timestamp xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5">2017-07-15T11:40:00.000+02:00</oval:timestamp> | ||
| <oval-def:terms_of_use>Copyright (c) 2010, United States Government. All rights reserved. The contents of this file are subject to the license described in https://oval.cisecurity.org/terms.</oval-def:terms_of_use> | ||
| </oval-def:generator> | ||
| <oval-def:definitions> | ||
| <oval-def:definition id="oval:org.ietf.hackathon.sacm:def:1" class="vulnerability" version="1"> | ||
| <oval-def:metadata> | ||
| <oval-def:title>Vulnerable Versions of Libtasn1 on Ubuntu 16.04</oval-def:title> | ||
| <oval-def:reference ref_id="CVE-2017-6891" source="CVE"/> | ||
| <oval-def:description>Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.</oval-def:description> | ||
| </oval-def:metadata> | ||
| <oval-def:notes> | ||
| <oval-def:note>This OVAL Definition will result in an error if there are no SWID tag files associated with libtasn1.</oval-def:note> | ||
| </oval-def:notes> | ||
| <oval-def:criteria> | ||
| <oval-def:criterion comment="Check if a vulnerable version of libtasn1 is installed." test_ref="oval:org.ietf.hackathon.sacm:tst:1"/> | ||
| </oval-def:criteria> | ||
| </oval-def:definition> | ||
| </oval-def:definitions> | ||
| <oval-def:tests> | ||
| <xmlfilecontent_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check_existence="at_least_one_exists" comment="Check if a vulnerable version of libtasn1 is installed." check="at least one" id="oval:org.ietf.hackathon.sacm:tst:1" version="1"> | ||
| <object object_ref="oval:org.ietf.hackathon.sacm:obj:1"/> | ||
| </xmlfilecontent_test> | ||
| </oval-def:tests> | ||
| <oval-def:objects> | ||
| <xmlfilecontent_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="Get all SWID tag files associated with libtasn1.." id="oval:org.ietf.hackathon.sacm:obj:1" version="1"> | ||
| <path>C:\_Development\Projects\SACM-VS\SWID</path> | ||
| <filename operation="pattern match">.*\.swidtag$</filename> | ||
| <xpath>/*[local-name()='SoftwareIdentity'][contains(@name,'libtasn1')]/@version</xpath> | ||
| </xmlfilecontent_object> | ||
| </oval-def:objects> | ||
| <oval-def:states> | ||
| <xmlfilecontent_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="Check if the value matches any of the vulnerable versions of libtasn1." id="oval:org.ietf.hackathon.sacm:ste:2" version="1"> | ||
| <value_of var_check="at least one" var_ref="oval:org.ietf.hackathon.sacm:var:2"/> | ||
| </xmlfilecontent_state> | ||
| </oval-def:states> | ||
| <oval-def:variables> | ||
| <oval-def:constant_variable datatype="string" comment="Vulnerable versions of libasn1." id="oval:org.ietf.hackathon.sacm:var:2" version="1"> | ||
| <oval-def:value>4.7-3</oval-def:value> | ||
| <oval-def:value>4.7-3ubuntu0.16.04.1</oval-def:value> | ||
| </oval-def:constant_variable> | ||
| </oval-def:variables> | ||
| </oval-def:oval_definitions> | ||
| <oval_definitions xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:win-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"> | ||
| <generator> | ||
| <oval:schema_version>5.10</oval:schema_version> | ||
| <oval:timestamp>2017-07-15T11:40:00.000+02:00</oval:timestamp> | ||
| <terms_of_use>Copyright (c) 2010, United States Government. All rights reserved. The contents of this file are subject to the license described in https://oval.cisecurity.org/terms.</terms_of_use> | ||
| </generator> | ||
| <definitions> | ||
| <definition id="oval:org.ietf.hackathon.sacm:def:1" version="1" class="vulnerability"> | ||
| <metadata> | ||
| <title>Vulnerable Versions of Libtasn1 on Ubuntu 16.04</title> | ||
| <reference ref_id="CVE-2017-6891" source="CVE" /> | ||
| <description>Two errors in the "asn1_find_node()" function (lib/parser_aux.c) within GnuTLS libtasn1 version 4.10 can be exploited to cause a stacked-based buffer overflow by tricking a user into processing a specially crafted assignments file via the e.g. asn1Coding utility.</description> | ||
| </metadata> | ||
| <notes> | ||
| <note>This OVAL Definition will result in an error if there are no SWID tag files associated with libtasn1.</note> | ||
| </notes> | ||
| <criteria> | ||
| <criterion comment="Check if a vulnerable version of libtasn1 is installed." test_ref="oval:org.ietf.hackathon.sacm:tst:1"/> | ||
| </criteria> | ||
| </definition> | ||
| </definitions> | ||
| <tests> | ||
| <xmlfilecontent_test id="oval:org.ietf.hackathon.sacm:tst:1" version="1" comment="Check if a vulnerable version of libtasn1 is installed." check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"> | ||
| <object object_ref="oval:org.ietf.hackathon.sacm:obj:1"/> | ||
| <state state_ref="oval:org.ietf.hackathon.sacm:ste:2"/> | ||
| </xmlfilecontent_test> | ||
| </tests> | ||
| <objects> | ||
| <xmlfilecontent_object id="oval:org.ietf.hackathon.sacm:obj:1" version="1" comment="Get all SWID tag files associated with libtasn1.." xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"> | ||
| <path>C:\_Development\Projects\SACM-VS\SWID</path> | ||
| <filename operation="pattern match">.*\.swidtag$</filename> | ||
| <xpath>/*[local-name()='SoftwareIdentity'][contains(@name,'libtasn1')]/@version</xpath> | ||
| </xmlfilecontent_object> | ||
| </objects> | ||
| <states> | ||
| <xmlfilecontent_state id="oval:org.ietf.hackathon.sacm:ste:2" version="1" comment="Check if the value matches any of the vulnerable versions of libtasn1." xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"> | ||
| <value_of var_ref="oval:org.ietf.hackathon.sacm:var:2" var_check="at least one"/> | ||
| </xmlfilecontent_state> | ||
| </states> | ||
| <variables> | ||
| <constant_variable id="oval:org.ietf.hackathon.sacm:var:2" version="1" datatype="string" comment="Vulnerable versions of libasn1."> | ||
| <value>4.7-3</value> | ||
| <value>4.7-3ubuntu0.16.04.1</value> | ||
| </constant_variable> | ||
| </variables> | ||
| </oval_definitions> |