Create GeneratorVulnerabilityEvents Class in Agent Simulator #5265

Merged
merged 16 commits into from
May 2, 2024

@rafabailon rafabailon commented Apr 18, 2024

Description

When using the class to generate syscollector packages, no vulnerabilities are generated since the class is not intended for this use. It is possible to make vulnerabilities work by using the agent simulator parameters.

To avoid misusing the syscollector generator, the GeneratorVulnerabilityEvents class has been created. This class generates syscollector packets for the purpose of generating vulnerabilities.

Related to #5222

Testing Performed

| OS | Package Used | Version | Result |
|---|---|---|---|
| Ubuntu 22.04 | Manager | 4.8.0 | 🟢 |
| Debian 12 | Manager | 4.8.0 | 🟢 |

For testing, it is possible to use the agent simulator locally using the command simulate-agents -a xxx.xx.x.xx -n 1 -m vulnerability -s 5 -t 12 -o debian10 -v 4.8.0 --debug. The logs corresponding to the vulnerabilities that the simulator generates using the new class should appear in the Wazuh manager.

@rafabailon rafabailon self-assigned this Apr 18, 2024
@rafabailon rafabailon linked an issue Apr 18, 2024 that may be closed by this pull request

rafabailon commented Apr 19, 2024

Tests

I have done some first tests to check the functionality of the new logic. The results seem as expected and without errors in the logs.

Command Logs
root@ubuntu2204:/home/vagrant# simulate-agents -a 172.16.1.13 -n 1 -m vulnerability -s 5 -t 12 -o debian10 -v 4.8.0 --debug
DEBUG:root:Registration - 1-FcvwyikVX34eEYHI-debian10(001) in 172.16.1.13
DEBUG:root:Keep alive message = #!-Linux |agent-debian10 |4.9.0-12-amd64 |#1 SMP Debian 4.9.210-1 (2020-01-20) |x86_64 [Debian GNU/Linux|debian: 10 (buster)] - Wazuh v4.8.0 / ab73af41699f13fdd81903b5f23d8d00
d6e3ac3e75ca0319af3e7c262776f331 merged.mg
#"_agent_ip":10.0.2.15

INFO:P86699:{'keepalive': {'status': 'enabled', 'frequency': 10.0}, 'fim': {'status': 'disabled', 'eps': 0}, 'fim_integrity': {'status': 'disabled', 'eps': 0}, 'syscollector': {'status': 'disabled', 'frequency': 60, 'eps': 0}, 'vulnerability': {'status': 'enabled', 'frequency': 60.0, 'eps': 5}, 'rootcheck': {'status': 'disabled', 'frequency': 60.0, 'eps': 0}, 'sca': {'status': 'disabled', 'frequency': 60, 'eps': 0}, 'hostinfo': {'status': 'disabled', 'eps': 0}, 'winevt': {'status': 'disabled', 'eps': 0}, 'logcollector': {'status': 'disabled', 'eps': 0}, 'receive_messages': {'status': 'enabled'}}
INFO:P86699:Waiting 0 seconds before sending EPS and keep-alive events
INFO:P86699:Starting 1 agents.
DEBUG:root:Starting - 1-FcvwyikVX34eEYHI-debian10(001)(debian10) - keepalive
DEBUG:root:Starting - 1-FcvwyikVX34eEYHI-debian10(001)(debian10) - vulnerability
DEBUG:root:Starting - 1-FcvwyikVX34eEYHI-debian10(001)(debian10) - receive_messages
DEBUG:root:Startup - 1-FcvwyikVX34eEYHI-debian10(001)
DEBUG:root:KeepAlive - 1-FcvwyikVX34eEYHI-debian10(001)
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_osinfo", "data": {"checksum":"1634140017886803554","architecture":"x86_64","hostname":"1-FcvwyikVX34eEYHI-debian10","os_codename":"focal","os_major":"20","os_minor":"04","os_name":"Ubuntu","os_platform":"ubuntu","os_patch":"6","os_release":"sp1","os_version":"20.04.6LTS(FocalFossa)","os_build":"4.18.0-305.12.1.el8_4.x86_64","release":"6.2.6-76060206-generic","scan_time":"2023/12/2011:24:58","sysname":"Linux","version":"#202303130630~1689015125~22.04~ab2190eSMPPREEMPT_DYNAMIC"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"VESY3XMXAJ","description":"","format":"","groups":"editors","install_time":"2024/04/19 00:00:00","item_id":"PGSN3P11AS","location":"","multiarch":"null","name":"bsd_os","priority":"optional","scan_time":"2023/12/1915:32:25","size":"2","source":"","vendor":"bsdi","version":"3.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"EQZV43OOAV","description":"","format":"","groups":"editors","install_time":"2024/04/19 00:00:00","item_id":"VSBGWECBBD","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"3","source":"","vendor":"freebsd","version":"1.0"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"CYMBUQBK5F","description":"","format":"","groups":"editors","install_time":"2024/04/19 00:00:00","item_id":"176OTARD0K","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"4","source":"","vendor":"freebsd","version":"1.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"7JIZQS1MQ2","description":"","format":"","groups":"editors","install_time":"2024/04/19 00:00:00","item_id":"OS5YJXDEZR","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"5","source":"","vendor":"freebsd","version":"1.1.5.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"2LFTUUU9X0","description":"","format":"","groups":"editors","install_time":"2024/04/19 00:00:00","item_id":"FS5G3KNPYV","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"6","source":"","vendor":"freebsd","version":"1.2"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"7JHAUW808P","description":"","format":"","groups":"editors","install_time":"2024/04/19 00:00:00","item_id":"8CE9CHZ712","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"7","source":"","vendor":"freebsd","version":"2.0"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"NAREO55SID","description":"","format":"","groups":"editors","install_time":"2024/04/19 00:00:00","item_id":"LUMMBFX55A","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"8","source":"","vendor":"freebsd","version":"2.0.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"8ISAMQJUZH","description":"","format":"","groups":"editors","install_time":"2024/04/19 00:00:00","item_id":"FYCP9DDURQ","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"9","source":"","vendor":"freebsd","version":"2.0.5"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"OI6QE8QKVL","description":"","format":"","groups":"editors","install_time":"2024/04/19 00:00:00","item_id":"604QFT7DQG","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"10","source":"","vendor":"freebsd","version":"2.1.5"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"IAXKUEB61I","description":"","format":"","groups":"editors","install_time":"2024/04/19 00:00:00","item_id":"645LMLE9II","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"11","source":"","vendor":"freebsd","version":"2.1.6"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"PYEOIW18QV","description":"","format":"","groups":"editors","install_time":"2024/04/19 00:00:00","item_id":"D070T1FXLA","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"12","source":"","vendor":"freebsd","version":"2.1.6.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"SCB7G093G1","description":"","format":"","groups":"editors","install_time":"2024/04/19 00:00:00","item_id":"OSLDKXRSIS","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"13","source":"","vendor":"freebsd","version":"2.1.7"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"4O0543104Y","description":"","format":"","groups":"editors","install_time":"2024/04/19 00:00:00","item_id":"Z7MUN8VJ1H","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"14","source":"","vendor":"freebsd","version":"2.1.7.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"UV0J0X508K","description":"","format":"","groups":"editors","install_time":"2024/04/19 00:00:00","item_id":"UXXMNOLEBS","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"15","source":"","vendor":"freebsd","version":"2.2"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"N28POWAYXR","description":"","format":"","groups":"editors","install_time":"2024/04/19 00:00:00","item_id":"6NKIN9TX23","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"16","source":"","vendor":"freebsd","version":"2.2.2"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"VN6N6H4IYH","description":"","format":"","groups":"editors","install_time":"2024/04/19 00:00:00","item_id":"KGCJKFEK3N","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"17","source":"","vendor":"freebsd","version":"2.2.3"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"ZUCQNWAN97","description":"","format":"","groups":"editors","install_time":"2024/04/19 00:00:00","item_id":"QV0ZWGYUKU","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"18","source":"","vendor":"freebsd","version":"2.2.4"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"94WGTFOCPX","description":"","format":"","groups":"editors","install_time":"2024/04/19 00:00:00","item_id":"A0ZR24K68R","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"19","source":"","vendor":"freebsd","version":"2.2.5"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"LDKXWKAIUB","description":"","format":"","groups":"editors","install_time":"2024/04/19 00:00:00","item_id":"2L5ZMY6M62","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"20","source":"","vendor":"freebsd","version":"2.2.6"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"QUARFZFYU6","description":"","format":"","groups":"editors","install_time":"2024/04/19 00:00:00","item_id":"TBV7H4U4WF","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"21","source":"","vendor":"freebsd","version":"2.2.8"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"0V148AJWWD","description":"","format":"","groups":"editors","install_time":"2024/04/19 00:00:00","item_id":"Z4ZZZB1LXR","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"22","source":"","vendor":"freebsd","version":"3.0"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"DBMW99ZNH1","description":"","format":"","groups":"editors","install_time":"2024/04/19 00:00:00","item_id":"L5E1ISEGSD","location":"","multiarch":"null","name":"openbsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"23","source":"","vendor":"openbsd","version":"2.3"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"YGK7AR7Q95","description":"","format":"","groups":"editors","install_time":"2024/04/19 00:00:00","item_id":"KHRVARW10U","location":"","multiarch":"null","name":"openbsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"24","source":"","vendor":"openbsd","version":"2.4"}, "operation": "INSERTED"}
Ossec Logs
root@ubuntu2204:/home/vagrant# tail -f /var/ossec/logs/ossec.log 
2024/04/19 08:27:34 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2024/04/19 08:27:34 wazuh-modulesd:syscollector: INFO: Module started.
2024/04/19 08:27:34 wazuh-modulesd:syscollector: INFO: Starting evaluation.
2024/04/19 08:27:34 sca: INFO: Starting evaluation of policy: '/var/ossec/ruleset/sca/cis_ubuntu22-04.yml'
2024/04/19 08:27:34 wazuh-modulesd:syscollector: INFO: Evaluation finished.
2024/04/19 08:27:34 indexer-connector: INFO: IndexerConnector initialized successfully for index: wazuh-states-vulnerabilities.
2024/04/19 08:27:35 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started
2024/04/19 08:27:39 sca: INFO: Evaluation finished for policy '/var/ossec/ruleset/sca/cis_ubuntu22-04.yml'
2024/04/19 08:27:39 sca: INFO: Security Configuration Assessment scan finished. Duration: 5 seconds.
2024/04/19 08:27:45 rootcheck: INFO: Ending rootcheck scan.

2024/04/19 08:36:11 wazuh-authd: INFO: New connection from 172.16.1.1
2024/04/19 08:36:11 wazuh-authd: INFO: Received request for a new agent (1-FcvwyikVX34eEYHI-debian10) from: 172.16.1.1
2024/04/19 08:36:11 wazuh-authd: INFO: Agent key generated for '1-FcvwyikVX34eEYHI-debian10' (requested by any)
2024/04/19 08:36:11 wazuh-remoted: INFO: (1409): Authentication file changed. Updating.
2024/04/19 08:36:11 wazuh-remoted: INFO: (1410): Reading authentication keys file.
2024/04/19 08:40:58 wazuh-modulesd:vulnerability-scanner: INFO: Initiating update feed process
2024/04/19 08:40:58 wazuh-modulesd:vulnerability-scanner: INFO: Processing file: queue/vd_updater/tmp/contents/431557-api_file.json
2024/04/19 08:41:12 wazuh-modulesd:vulnerability-scanner: INFO: Processing file: queue/vd_updater/tmp/contents/432557-api_file.json
2024/04/19 08:41:28 wazuh-modulesd:vulnerability-scanner: INFO: Processing file: queue/vd_updater/tmp/contents/433557-api_file.json
2024/04/19 08:41:49 wazuh-modulesd:vulnerability-scanner: INFO: Processing file: queue/vd_updater/tmp/contents/434557-api_file.json
Archive Logs
root@ubuntu2204:/home/vagrant# tail -f /var/ossec/logs/archives/archives.log
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2004-0418","cvss":{"cvss2":{"base_score":10.0,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package default status","name":"openbsd","source":"","version":"2.4"},"published":"2004-08-06T04:00:00Z","rationale":"serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an \"out-of-bounds\" write for a single byte to execute arbitrary code or modify critical program data.","reference":"http://www.debian.org/security/2004/dsa-519, http://security.gentoo.org/glsa/glsa-200406-06.xml, ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc, ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc, http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html, http://marc.info/?l=bugtraq&m=108716553923643&w=2, http://security.e-matters.de/advisories/092004.html, http://www.mandriva.com/security/advisories?name=MDKSA-2004:058, http://www.redhat.com/support/errata/RHSA-2004-233.html, https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1003, https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11242","severity":"High","status":"Active","title":"CVE-2004-0418 affects openbsd","type":"Packages","updated":"2018-05-03T01:29:25Z"}}
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2022-48437","cvss":{"cvss3":{"base_score":5.3,"vector":{"attack_vector":"","availability":"NONE","confidentiality_impact":"NONE","integrity_impact":"LOW","privileges_required":"NONE","scope":"UNCHANGED","user_interaction":"NONE"}}},"cwe_reference":"CWE-295","enumeration":"CVE","package":{"architecture":"","condition":"Package less than 7.2","name":"openbsd","source":"","version":"2.4"},"published":"2023-04-12T05:15:07Z","rationale":"An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate.","reference":"https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.1-relnotes.txt, https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/001_x509.patch.sig, https://github.com/openbsd/src/commit/4f94258c65a918ee3d8670e93916d15bf879e6ec","severity":"Medium","status":"Active","title":"CVE-2022-48437 affects openbsd","type":"Packages","updated":"2023-04-21T14:17:04Z"}}
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"redhat","cve":"CVE-2019-14899","cvss":{"cvss2":{"base_score":4.9,"vector":{"access_complexity":"MEDIUM","authentication":"SINGLE","availability":"PARTIAL","confidentiality_impact":"PARTIAL","integrity_impact":"PARTIAL"}}},"cwe_reference":"CWE-300","enumeration":"CVE","package":{"architecture":"","condition":"Package default status","name":"openbsd","source":"","version":"2.4"},"published":"2019-12-11T15:15:14Z","rationale":"A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.","reference":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899, http://seclists.org/fulldisclosure/2020/Dec/32, http://seclists.org/fulldisclosure/2020/Jul/23, http://seclists.org/fulldisclosure/2020/Jul/24, http://seclists.org/fulldisclosure/2020/Jul/25, http://seclists.org/fulldisclosure/2020/Nov/20, http://www.openwall.com/lists/oss-security/2020/08/13/2, http://www.openwall.com/lists/oss-security/2020/10/07/3, http://www.openwall.com/lists/oss-security/2021/07/05/1, https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/, https://support.apple.com/kb/HT211288, https://support.apple.com/kb/HT211289, https://support.apple.com/kb/HT211290, https://support.apple.com/kb/HT211850, https://support.apple.com/kb/HT211931","severity":"Medium","status":"Active","title":"CVE-2019-14899 affects openbsd","type":"Packages","updated":"2023-03-01T16:40:04Z"}}
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2006-6730","cvss":{"cvss2":{"base_score":6.6,"vector":{"access_complexity":"MEDIUM","authentication":"SINGLE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package default status","name":"openbsd","source":"","version":"2.4"},"published":"2006-12-26T23:28:00Z","rationale":"OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System Management Mode (SMM) handler via a write to an SMRAM address within /dev/xf86 (aka the video card memory-mapped I/O range), and then launching the new handler via a System Management Interrupt (SMI), as demonstrated by a write to Programmed I/O port 0xB2.","reference":"http://lists.freedesktop.org/archives/xorg/2004-June/000927.html, http://www.cansecwest.com/slides06/csw06-duflot.ppt, http://www.securityfocus.com/archive/1/454379/100/0/threaded, http://www.securityfocus.com/archive/1/454510/100/0/threaded, http://www.securityfocus.com/archive/1/454706/100/0/threaded, http://www.ssi.gouv.fr/fr/sciences/fichiers/lti/cansecwest2006-duflot-paper.pdf","severity":"Medium","status":"Active","title":"CVE-2006-6730 affects openbsd","type":"Packages","updated":"2018-10-17T21:49:29Z"}}
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2000-0751","cvss":{"cvss2":{"base_score":7.5,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"PARTIAL","confidentiality_impact":"PARTIAL","integrity_impact":"PARTIAL"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package equal to 2.4","name":"openbsd","source":"","version":"2.4"},"published":"2000-10-20T04:00:00Z","rationale":"mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.","reference":"http://archives.neohapsis.com/archives/freebsd/2000-08/0336.html, http://www.securityfocus.com/bid/1559, http://archives.neohapsis.com/archives/bugtraq/2000-08/0064.html, http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h, http://www.openbsd.org/errata.html#mopd, http://www.redhat.com/support/errata/RHSA-2000-050.html","severity":"High","status":"Active","title":"CVE-2000-0751 affects openbsd","type":"Packages","updated":"2008-09-05T20:21:47Z"}}
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2017-1000372","cvss":{"cvss2":{"base_score":7.5,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"PARTIAL","confidentiality_impact":"PARTIAL","integrity_impact":"PARTIAL"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package less than or equal to 6.1","name":"openbsd","source":"","version":"2.4"},"published":"2017-06-19T16:29:00Z","rationale":"A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenBSD 6.1 and possibly earlier versions.","reference":"https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt, https://ftp.openbsd.org/pub/OpenBSD/patches/6.1/common/008_exec_subr.patch.sig, http://www.securityfocus.com/bid/99172","severity":"High","status":"Active","title":"CVE-2017-1000372 affects openbsd","type":"Packages","updated":"2019-10-03T00:03:26Z"}}
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"redhat","cve":"CVE-2011-2895","cvss":{"cvss2":{"base_score":9.3,"vector":{"access_complexity":"MEDIUM","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"CWE-119","enumeration":"CVE","package":{"architecture":"","condition":"Package less than or equal to 3.7","name":"openbsd","source":"","version":"2.4"},"published":"2011-08-19T17:55:03Z","rationale":"The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.","reference":"http://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d11ee5886e9d9ec610051a206b135a4cdc1e09a0, http://lists.freedesktop.org/archives/xorg-announce/2011-August/001721.html, http://lists.freedesktop.org/archives/xorg-announce/2011-August/001722.html, https://bugzilla.redhat.com/show_bug.cgi?id=725760, http://secunia.com/advisories/45544, http://secunia.com/advisories/45568, http://secunia.com/advisories/45599, http://www.redhat.com/support/errata/RHSA-2011-1154.html, http://www.redhat.com/support/errata/RHSA-2011-1155.html, http://www.redhat.com/support/errata/RHSA-2011-1161.html, http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc, http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html, 
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html, http://lists.apple.com/archives/security-announce/2015/Dec/msg00000.html, http://lists.apple.com/archives/security-announce/2015/Dec/msg00001.html, http://lists.apple.com/archives/security-announce/2015/Dec/msg00002.html, http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html, http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html, http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html, http://secunia.com/advisories/45986, http://secunia.com/advisories/46127, http://secunia.com/advisories/48951, http://securitytracker.com/id?1025920, http://support.apple.com/kb/HT5130, http://support.apple.com/kb/HT5281, http://www.debian.org/security/2011/dsa-2293, http://www.mandriva.com/security/advisories?name=MDVSA-2011:153, http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17, http://www.openwall.com/lists/oss-security/2011/08/10/10, http://www.redhat.com/support/errata/RHSA-2011-1834.html, http://www.securityfocus.com/bid/49124, http://www.ubuntu.com/usn/USN-1191-1, https://bugzilla.redhat.com/show_bug.cgi?id=727624, https://exchange.xforce.ibmcloud.com/vulnerabilities/69141, https://support.apple.com/HT205635, https://support.apple.com/HT205637, https://support.apple.com/HT205640, https://support.apple.com/HT205641","severity":"High","status":"Active","title":"CVE-2011-2895 affects openbsd","type":"Packages","updated":"2017-08-29T01:29:51Z"}}
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2008-4609","cvss":{"cvss2":{"base_score":7.1,"vector":{"access_complexity":"MEDIUM","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"NONE","integrity_impact":"NONE"}}},"cwe_reference":"CWE-16","enumeration":"CVE","package":{"architecture":"","condition":"Package default status","name":"openbsd","source":"","version":"2.4"},"published":"2008-10-20T17:59:26Z","rationale":"The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.","reference":"http://blog.robertlee.name/2008/10/conjecture-speculation.html, http://insecure.org/stf/tcp-dos-attack-explained.html, http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html, http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked, http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml, http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html, http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf, http://www.mandriva.com/security/advisories?name=MDVSA-2013:150, http://www.outpost24.com/news/news-2008-10-02.html, https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6340, https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html, https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048, http://marc.info/?l=bugtraq&m=125856010926699&w=2, http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html, http://www.us-cert.gov/cas/techalerts/TA09-251A.html","severity":"High","status":"Active","title":"CVE-2008-4609 affects 
openbsd","type":"Packages","updated":"2022-12-14T16:40:36Z"}}
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-1999-0001","cvss":{"cvss2":{"base_score":5.0,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE"}}},"cwe_reference":"CWE-20","enumeration":"CVE","package":{"architecture":"","condition":"Package equal to 2.4","name":"openbsd","source":"","version":"2.4"},"published":"1999-12-30T05:00:00Z","rationale":"ip_input.c in BSD-derived TCP/IP implementations allows remote attackers to cause a denial of service (crash or hang) via crafted packets.","reference":"http://www.openbsd.org/errata23.html#tcpfix, http://www.osvdb.org/5707","severity":"Medium","status":"Active","title":"CVE-1999-0001 affects openbsd","type":"Packages","updated":"2010-12-16T05:00:00Z"}}
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2001-0670","cvss":{"cvss2":{"base_score":7.5,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"PARTIAL","confidentiality_impact":"PARTIAL","integrity_impact":"PARTIAL"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package default status","name":"openbsd","source":"","version":"2.4"},"published":"2001-10-03T04:00:00Z","rationale":"Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.","reference":"ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.20/CSSA-2001-SCO.20.txt, http://www.openbsd.com/errata28.html, http://xforce.iss.net/alerts/advise94.php, http://www.cert.org/advisories/CA-2001-30.html, http://www.kb.cert.org/vuls/id/274043, ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-018.txt.asc, http://www.redhat.com/support/errata/RHSA-2001-147.html, http://www.securityfocus.com/bid/3252, https://exchange.xforce.ibmcloud.com/vulnerabilities/7046","severity":"High","status":"Active","title":"CVE-2001-0670 affects openbsd","type":"Packages","updated":"2017-10-10T01:29:50Z"}}
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2004-0416","cvss":{"cvss2":{"base_score":10.0,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"CWE-119","enumeration":"CVE","package":{"architecture":"","condition":"Package default status","name":"openbsd","source":"","version":"2.4"},"published":"2004-08-06T04:00:00Z","rationale":"Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.","reference":"http://www.debian.org/security/2004/dsa-519, ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc, ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc, http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html, http://marc.info/?l=bugtraq&m=108716553923643&w=2, http://security.e-matters.de/advisories/092004.html, http://security.gentoo.org/glsa/glsa-200406-06.xml, http://www.mandriva.com/security/advisories?name=MDKSA-2004:058, http://www.redhat.com/support/errata/RHSA-2004-233.html, https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10070, https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A994","severity":"High","status":"Active","title":"CVE-2004-0416 affects openbsd","type":"Packages","updated":"2018-05-03T01:29:25Z"}}
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2011-2168","cvss":{"cvss2":{"base_score":5.0,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE"}}},"cwe_reference":"CWE-189","enumeration":"CVE","package":{"architecture":"","condition":"Package less than or equal to 4.8","name":"openbsd","source":"","version":"2.4"},"published":"2011-05-24T23:55:04Z","rationale":"Multiple integer overflows in the glob implementation in libc in OpenBSD before 4.9 might allow context-dependent attackers to have an unspecified impact via a crafted string, related to the GLOB_APPEND and GLOB_DOOFFS flags, a different issue than CVE-2011-0418.","reference":"http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c#rev1.35, http://securityreason.com/achievement_securityalert/97, http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/glob.c.diff?r1=1.34%3Br2=1.35%3Bf=h, http://www.securityfocus.com/bid/48004","severity":"Medium","status":"Active","title":"CVE-2011-2168 affects openbsd","type":"Packages","updated":"2023-11-07T02:07:21Z"}}
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-1999-0798","cvss":{"cvss2":{"base_score":10.0,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package equal to 2.4","name":"openbsd","source":"","version":"2.4"},"published":"1998-12-04T05:00:00Z","rationale":"Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.","reference":"http://marc.info/?l=bugtraq&m=91278867118128&w=2","severity":"High","status":"Active","title":"CVE-1999-0798 affects openbsd","type":"Packages","updated":"2016-10-18T01:59:43Z"}}
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2017-1000373","cvss":{"cvss2":{"base_score":6.4,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"PARTIAL"}}},"cwe_reference":"CWE-400","enumeration":"CVE","package":{"architecture":"","condition":"Package less than or equal to 6.1","name":"openbsd","source":"","version":"2.4"},"published":"2017-06-19T16:29:00Z","rationale":"The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.","reference":"https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/qsort.c?rev=1.15&content-type=text/x-cvsweb-markup, https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt, http://www.securityfocus.com/bid/99177, http://www.securitytracker.com/id/1039427, https://support.apple.com/HT208112, https://support.apple.com/HT208113, https://support.apple.com/HT208115, https://support.apple.com/HT208144, https://www.exploit-db.com/exploits/42271/","severity":"Medium","status":"Active","title":"CVE-2017-1000373 affects openbsd","type":"Packages","updated":"2017-10-24T01:29:01Z"}}
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2001-0268","cvss":{"cvss2":{"base_score":7.2,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package less than or equal to 2.8","name":"openbsd","source":"","version":"2.4"},"published":"2001-05-03T04:00:00Z","rationale":"The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address.","reference":"http://archives.neohapsis.com/archives/netbsd/2001-q1/0093.html, http://www.kb.cert.org/vuls/id/358960, http://archives.neohapsis.com/archives/bugtraq/2001-02/0353.html, http://archives.neohapsis.com/archives/linux/caldera/2001-q4/0014.html, http://www.openbsd.org/errata.html#userldt, http://www.osvdb.org/6141, http://www.securityfocus.com/bid/2739, https://exchange.xforce.ibmcloud.com/vulnerabilities/6222","severity":"High","status":"Active","title":"CVE-2001-0268 affects openbsd","type":"Packages","updated":"2017-10-10T01:29:40Z"}}
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2007-0343","cvss":{"cvss2":{"base_score":5.0,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package less than or equal to 4.0","name":"openbsd","source":"","version":"2.4"},"published":"2007-01-18T02:28:00Z","rationale":"OpenBSD before 20070116 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via certain IPv6 ICMP (aka ICMP6) echo request packets.","reference":"http://secunia.com/advisories/23830, http://securitytracker.com/id?1017518, http://www.openbsd.org/errata.html#icmp6, http://www.openbsd.org/errata39.html#icmp6, http://www.osvdb.org/32935, http://www.securityfocus.com/bid/22087","severity":"Medium","status":"Active","title":"CVE-2007-0343 affects openbsd","type":"Packages","updated":"2008-09-05T21:17:38Z"}}
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2004-0492","cvss":{"cvss2":{"base_score":10.0,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package default status","name":"openbsd","source":"","version":"2.4"},"published":"2004-08-06T04:00:00Z","rationale":"Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.","reference":"http://rhn.redhat.com/errata/RHSA-2004-245.html, http://www.debian.org/security/2004/dsa-525, http://www.kb.cert.org/vuls/id/541310, ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc, http://marc.info/?l=bugtraq&m=108711172710140&w=2, http://marc.info/?l=bugtraq&m=130497311408250&w=2, http://seclists.org/lists/fulldisclosure/2004/Jun/0296.html, http://secunia.com/advisories/11841, http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1, http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1, http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1, http://www.guninski.com/modproxy1.html, http://www.mandriva.com/security/advisories?name=MDKSA-2004:065, https://bugzilla.fedora.us/show_bug.cgi?id=1737, https://exchange.xforce.ibmcloud.com/vulnerabilities/16387, https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E, https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E, https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E, https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E, https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E, https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E, https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E, https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100112, https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4863","severity":"High","status":"Active","title":"CVE-2004-0492 affects openbsd","type":"Packages","updated":"2023-11-07T01:56:42Z"}}
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"redhat","cve":"CVE-2012-1577","cvss":{"cvss2":{"base_score":7.5,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"PARTIAL","confidentiality_impact":"PARTIAL","integrity_impact":"PARTIAL"}}},"cwe_reference":"CWE-335","enumeration":"CVE","package":{"architecture":"","condition":"Package default status","name":"openbsd","source":"","version":"2.4"},"published":"2019-12-10T19:15:14Z","rationale":"lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.","reference":"http://www.openwall.com/lists/oss-security/2012/03/23/14, https://github.com/ensc/dietlibc/blob/master/CHANGES, https://security-tracker.debian.org/tracker/CVE-2012-1577, http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/random.c#rev1.16","severity":"High","status":"Active","title":"CVE-2012-1577 affects openbsd","type":"Packages","updated":"2019-12-17T18:38:23Z"}}
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2005-4351","cvss":{"cvss2":{"base_score":4.3,"vector":{"access_complexity":"LOW","authentication":"SINGLE","availability":"PARTIAL","confidentiality_impact":"PARTIAL","integrity_impact":"PARTIAL"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package less than or equal to 3.8","name":"openbsd","source":"","version":"2.4"},"published":"2005-12-31T05:00:00Z","rationale":"The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running.","reference":"http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041177.html, http://www.redteam-pentesting.de/advisories/rt-sa-2005-015.txt, http://archives.neohapsis.com/archives/openbsd/2005-10/1523.html, http://www.redteam-pentesting.de/advisories/rt-sa-2005-15.txt, https://exchange.xforce.ibmcloud.com/vulnerabilities/24037","severity":"Medium","status":"Active","title":"CVE-2005-4351 affects openbsd","type":"Packages","updated":"2017-07-20T01:29:13Z"}}
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2000-1010","cvss":{"cvss2":{"base_score":10.0,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package equal to 2.4","name":"openbsd","source":"","version":"2.4"},"published":"2000-12-11T05:00:00Z","rationale":"Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.","reference":"http://www.securityfocus.com/bid/1764, http://www.securityfocus.com/archive/1/137890, https://exchange.xforce.ibmcloud.com/vulnerabilities/5344","severity":"High","status":"Active","title":"CVE-2000-1010 affects openbsd","type":"Packages","updated":"2017-10-10T01:29:26Z"}}
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2005-0740","cvss":{"cvss2":{"base_score":5.0,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package equal to 2.4","name":"openbsd","source":"","version":"2.4"},"published":"2005-01-13T05:00:00Z","rationale":"The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout.","reference":"http://www.securityfocus.com/bid/12250, http://securitytracker.com/id?1012861, http://www.openbsd.org/errata35.html, http://secunia.com/advisories/13819","severity":"Medium","status":"Active","title":"CVE-2005-0740 affects openbsd","type":"Packages","updated":"2008-09-05T20:47:10Z"}}
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2003-1366","cvss":{"cvss2":{"base_score":3.3,"vector":{"access_complexity":"MEDIUM","authentication":"NONE","availability":"NONE","confidentiality_impact":"PARTIAL","integrity_impact":"PARTIAL"}}},"cwe_reference":"CWE-200","enumeration":"CVE","package":{"architecture":"","condition":"Package equal to 2.4","name":"openbsd","source":"","version":"2.4"},"published":"2003-12-31T05:00:00Z","rationale":"chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information.","reference":"http://securityreason.com/securityalert/3238, http://www.epita.fr/~bevand_m/asa/asa-0001, http://www.securityfocus.com/archive/1/309962, http://www.securityfocus.com/bid/6748, http://www.securitytracker.com/id?1006035, https://exchange.xforce.ibmcloud.com/vulnerabilities/11233","severity":"Low","status":"Active","title":"CVE-2003-1366 affects openbsd","type":"Packages","updated":"2017-07-29T01:29:07Z"}}
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2000-0995","cvss":{"cvss2":{"base_score":7.2,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package default status","name":"openbsd","source":"","version":"2.4"},"published":"2000-12-19T05:00:00Z","rationale":"Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name.","reference":"ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch, http://www.osvdb.org/6125, https://exchange.xforce.ibmcloud.com/vulnerabilities/5635","severity":"High","status":"Active","title":"CVE-2000-0995 affects openbsd","type":"Packages","updated":"2018-05-03T01:29:09Z"}}
2024 Apr 19 08:36:39 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2000-0750","cvss":{"cvss2":{"base_score":7.5,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"PARTIAL","confidentiality_impact":"PARTIAL","integrity_impact":"PARTIAL"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package equal to 2.4","name":"openbsd","source":"","version":"2.4"},"published":"2000-10-20T04:00:00Z","rationale":"Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.","reference":"http://archives.neohapsis.com/archives/freebsd/2000-08/0336.html, http://www.securityfocus.com/bid/1558, http://archives.neohapsis.com/archives/bugtraq/2000-08/0064.html, http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h, http://www.openbsd.org/errata.html#mopd, http://www.redhat.com/support/errata/RHSA-2000-050.html","severity":"High","status":"Active","title":"CVE-2000-0750 affects openbsd","type":"Packages","updated":"2008-09-10T19:05:45Z"}}
2024 Apr 19 08:36:40 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2000-0309","cvss":{"cvss2":{"base_score":2.1,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package equal to 2.4","name":"openbsd","source":"","version":"2.4"},"published":"2001-03-12T05:00:00Z","rationale":"The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.","reference":"http://www.openbsd.org/errata24.html#trctrap, http://www.osvdb.org/6126","severity":"Low","status":"Active","title":"CVE-2000-0309 affects openbsd","type":"Packages","updated":"2008-09-10T19:04:03Z"}}
2024 Apr 19 08:36:40 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2003-0466","cvss":{"cvss2":{"base_score":10.0,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"CWE-193","enumeration":"CVE","package":{"architecture":"","condition":"Package less than or equal to 3.3","name":"openbsd","source":"","version":"2.4"},"published":"2003-08-27T04:00:00Z","rationale":"Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.","reference":"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc, http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01, http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt, http://secunia.com/advisories/9423, http://secunia.com/advisories/9446, http://secunia.com/advisories/9447, http://secunia.com/advisories/9535, http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001257.1-1, http://www.debian.org/security/2003/dsa-357, http://www.novell.com/linux/security/advisories/2003_032_wuftpd.html, http://www.osvdb.org/6602, http://www.redhat.com/support/errata/RHSA-2003-245.html, http://www.redhat.com/support/errata/RHSA-2003-246.html, http://www.turbolinux.com/security/TLSA-2003-46.txt, https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1970, http://www.securityfocus.com/bid/8315, http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html, http://securitytracker.com/id?1007380, http://www.securityfocus.com/archive/1/424852/100/0/threaded, http://www.securityfocus.com/archive/1/425061/100/0/threaded, http://marc.info/?l=bugtraq&m=105967301604815&w=2, http://marc.info/?l=bugtraq&m=106001410028809&w=2, http://marc.info/?l=bugtraq&m=106001702232325&w=2, http://marc.info/?l=bugtraq&m=106002488209129&w=2, http://www.mandriva.com/security/advisories?name=MDKSA-2003:080, https://exchange.xforce.ibmcloud.com/vulnerabilities/12785, http://www.kb.cert.org/vuls/id/743092","severity":"High","status":"Active","title":"CVE-2003-0466 affects openbsd","type":"Packages","updated":"2024-02-08T15:50:15Z"}}
2024 Apr 19 08:36:40 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2000-0993","cvss":{"cvss2":{"base_score":7.2,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package equal to 2.4","name":"openbsd","source":"","version":"2.4"},"published":"2000-12-19T05:00:00Z","rationale":"Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.","reference":"http://www.securityfocus.com/bid/1744, ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:58.chpass.asc, ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-015.txt.asc, http://marc.info/?l=bugtraq&m=97068555106135&w=2, http://www.openbsd.org/errata27.html#pw_error, https://exchange.xforce.ibmcloud.com/vulnerabilities/5339","severity":"High","status":"Active","title":"CVE-2000-0993 affects openbsd","type":"Packages","updated":"2017-10-10T01:29:25Z"}}
2024 Apr 19 08:36:40 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-1999-1225","cvss":{"cvss2":{"base_score":5.0,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"NONE","confidentiality_impact":"PARTIAL","integrity_impact":"NONE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package default status","name":"openbsd","source":"","version":"2.4"},"published":"1997-08-24T04:00:00Z","rationale":"rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.","reference":"http://www.securityfocus.com/archive/1/7526, https://exchange.xforce.ibmcloud.com/vulnerabilities/347","severity":"Medium","status":"Active","title":"CVE-1999-1225 affects openbsd","type":"Packages","updated":"2017-12-19T02:29:04Z"}}
2024 Apr 19 08:36:40 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2004-0219","cvss":{"cvss2":{"base_score":5.0,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package less than or equal to 3.4","name":"openbsd","source":"","version":"2.4"},"published":"2004-05-04T04:00:00Z","rationale":"isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malformed IPSEC SA payload, as demonstrated by the Striker ISAKMP Protocol Test Suite.","reference":"http://www.kb.cert.org/vuls/id/785945, http://marc.info/?l=bugtraq&m=108008530028019&w=2, http://www.openbsd.org/errata.html, http://www.rapid7.com/advisories/R7-0018.html, http://www.securityfocus.com/bid/9907, http://www.securitytracker.com/alerts/2004/Mar/1009468.html, https://exchange.xforce.ibmcloud.com/vulnerabilities/15628","severity":"Medium","status":"Active","title":"CVE-2004-0219 affects openbsd","type":"Packages","updated":"2017-07-11T01:29:58Z"}}
2024 Apr 19 08:36:40 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-1999-0674","cvss":{"cvss2":{"base_score":7.2,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package equal to 2.4","name":"openbsd","source":"","version":"2.4"},"published":"1999-08-09T04:00:00Z","rationale":"The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.","reference":"http://www.securityfocus.com/bid/570, http://www.ciac.org/ciac/bulletins/j-067.shtml","severity":"High","status":"Active","title":"CVE-1999-0674 affects openbsd","type":"Packages","updated":"2018-10-30T16:26:22Z"}}
2024 Apr 19 08:36:40 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2000-0997","cvss":{"cvss2":{"base_score":7.2,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package equal to 2.4","name":"openbsd","source":"","version":"2.4"},"published":"2000-12-19T05:00:00Z","rationale":"Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, and possibly other operating systems allows local attackers to gain root privileges.","reference":"http://www.securityfocus.com/bid/1752, ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch, https://exchange.xforce.ibmcloud.com/vulnerabilities/5337","severity":"High","status":"Active","title":"CVE-2000-0997 affects openbsd","type":"Packages","updated":"2018-05-03T01:29:09Z"}}
2024 Apr 19 08:36:40 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2000-0994","cvss":{"cvss2":{"base_score":7.2,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package equal to 2.4","name":"openbsd","source":"","version":"2.4"},"published":"2000-12-19T05:00:00Z","rationale":"Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.","reference":"http://www.securityfocus.com/bid/1746, ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch, http://marc.info/?l=bugtraq&m=97068555106135&w=2, https://exchange.xforce.ibmcloud.com/vulnerabilities/5338","severity":"High","status":"Active","title":"CVE-2000-0994 affects openbsd","type":"Packages","updated":"2018-05-03T01:29:09Z"}}
2024 Apr 19 08:36:40 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2004-0414","cvss":{"cvss2":{"base_score":10.0,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package default status","name":"openbsd","source":"","version":"2.4"},"published":"2004-08-06T04:00:00Z","rationale":"CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed \"Entry\" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.","reference":"http://www.debian.org/security/2004/dsa-517, http://security.gentoo.org/glsa/glsa-200406-06.xml, ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc, ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc, http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/022441.html, http://marc.info/?l=bugtraq&m=108716553923643&w=2, http://security.e-matters.de/advisories/092004.html, http://www.mandriva.com/security/advisories?name=MDKSA-2004:058, http://www.redhat.com/support/errata/RHSA-2004-233.html, https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10575, https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A993","severity":"High","status":"Active","title":"CVE-2004-0414 affects openbsd","type":"Packages","updated":"2018-05-03T01:29:24Z"}}
2024 Apr 19 08:36:40 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-1999-0052","cvss":{"cvss2":{"base_score":5.0,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"PARTIAL","confidentiality_impact":"NONE","integrity_impact":"NONE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package equal to 2.4","name":"openbsd","source":"","version":"2.4"},"published":"1998-11-04T05:00:00Z","rationale":"IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.","reference":"http://www.osvdb.org/908, https://exchange.xforce.ibmcloud.com/vulnerabilities/1389","severity":"Medium","status":"Active","title":"CVE-1999-0052 affects openbsd","type":"Packages","updated":"2018-05-03T01:29:01Z"}}
2024 Apr 19 08:36:40 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2000-0996","cvss":{"cvss2":{"base_score":7.2,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package default status","name":"openbsd","source":"","version":"2.4"},"published":"2000-12-19T05:00:00Z","rationale":"Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.","reference":"ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch, http://www.osvdb.org/6124, https://exchange.xforce.ibmcloud.com/vulnerabilities/5636","severity":"High","status":"Active","title":"CVE-2000-0996 affects openbsd","type":"Packages","updated":"2018-05-03T01:29:09Z"}}
2024 Apr 19 08:36:40 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2001-0378","cvss":{"cvss2":{"base_score":2.1,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"NONE","confidentiality_impact":"PARTIAL","integrity_impact":"NONE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package less than or equal to 2.8","name":"openbsd","source":"","version":"2.4"},"published":"2001-06-27T04:00:00Z","rationale":"readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files.","reference":"ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch, http://www.osvdb.org/5680, https://exchange.xforce.ibmcloud.com/vulnerabilities/6586","severity":"Low","status":"Active","title":"CVE-2001-0378 affects openbsd","type":"Packages","updated":"2017-10-10T01:29:42Z"}}
2024 Apr 19 08:36:40 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2004-0220","cvss":{"cvss2":{"base_score":10.0,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"CWE-119","enumeration":"CVE","package":{"architecture":"","condition":"Package less than or equal to 3.4","name":"openbsd","source":"","version":"2.4"},"published":"2004-05-04T04:00:00Z","rationale":"isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker ISAKMP Protocol Test Suite.","reference":"http://www.openbsd.org/errata.html, http://www.kb.cert.org/vuls/id/223273, http://marc.info/?l=bugtraq&m=108008530028019&w=2, http://www.rapid7.com/advisories/R7-0018.html, http://www.securityfocus.com/bid/9907, http://www.securitytracker.com/alerts/2004/Mar/1009468.html, https://exchange.xforce.ibmcloud.com/vulnerabilities/15629","severity":"High","status":"Active","title":"CVE-2004-0220 affects openbsd","type":"Packages","updated":"2017-07-11T01:29:58Z"}}
2024 Apr 19 08:36:40 (1-FcvwyikVX34eEYHI-debian10) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2019-19726","cvss":{"cvss2":{"base_score":7.2,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"CWE-269","enumeration":"CVE","package":{"architecture":"","condition":"Package less than or equal to 6.6","name":"openbsd","source":"","version":"2.4"},"published":"2019-12-12T01:15:10Z","rationale":"OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.","reference":"http://seclists.org/fulldisclosure/2019/Dec/31, https://seclists.org/bugtraq/2019/Dec/25, http://packetstormsecurity.com/files/155658/Qualys-Security-Advisory-OpenBSD-Dynamic-Loader-Privilege-Escalation.html, https://www.openwall.com/lists/oss-security/2019/12/11/9, https://www.openbsd.org/errata66.html, http://packetstormsecurity.com/files/155764/OpenBSD-Dynamic-Loader-chpass-Privilege-Escalation.html, http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html, http://seclists.org/fulldisclosure/2023/Oct/11, http://www.openwall.com/lists/oss-security/2023/10/03/2","severity":"High","status":"Active","title":"CVE-2019-19726 affects openbsd","type":"Packages","updated":"2023-10-06T17:15:11Z"}}
DB Info
root@ubuntu2204:/var/ossec/queue/db# sqlite3 001.db 
SQLite version 3.37.2 2022-01-06 13:25:41
Enter ".help" for usage hints.
sqlite> SELECT * FROM sys_osinfo;
0|2023/12/2011:24:58|1-FcvwyikVX34eEYHI-debian10|x86_64|Ubuntu|20.04.6LTS(FocalFossa)|focal|20|04|6|4.18.0-305.12.1.el8_4.x86_64|ubuntu|Linux|6.2.6-76060206-generic|#202303130630~1689015125~22.04~ab2190eSMPPREEMPT_DYNAMIC|sp1|1634140017886803554||
sqlite> 

@rafabailon
Member Author

Update

To use the new simulator class, you must add the -m vulnerability parameter. Additionally, I have added the following parameters: --vulnerability-legacy-messages, --vulnerability-batch-size and --vulnerability-packages-list-file.

The code is similar to that used for syscollector with changes to adapt the logic to generate vulnerability events and not use anything that is not necessary.

The tests have been done locally. I have used the generator locally and an Ubuntu 22.04 VM with 2 cores and 4GB of RAM for the tests. I have enabled logall and have reviewed the ossec logs and archives, the simulator's own logs, and the simulated agent databases to ensure that all information appears as it should.

Note: there is the possibility of adding a parameter to decide if the events should be INSERTED or DELETED. It currently uses the syscollector functionality but a parameter can be added to choose one or both of the options. If you choose both, you could alternate or distribute the number of events between the two options (all INSERTED are sent and then all DELETED).

@rafabailon rafabailon marked this pull request as ready for review April 19, 2024 14:15
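
The archive review described in the update above (logall enabled, then reading archives.log for each simulated agent) can be scripted. This is an added example, not code from this PR or from the project; the line layout is assumed from the archive output shown in this thread, and the agent names, package names and CVE placeholders in the sample are constructed.

```python
import json
import re
from collections import Counter

# Layout of an agent event in archives.log, as seen in the test output:
#   <timestamp> (<agent name>) <source>-><location> <JSON payload>
ARCHIVE_LINE = re.compile(
    r"^(?P<ts>\d{4} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"\((?P<agent>[^)]+)\) (?P<source>\S+)->(?P<location>\S+) "
    r"(?P<payload>\{.*\})\s*$"
)

# Constructed sample (not copied from a real manager): two simulated agents,
# one line with broken JSON and one line that is not an agent event.
SAMPLE_ARCHIVE = """\
2024 Apr 25 13:10:51 (sim-agent-001) any->syscollector {"type": "dbsync_packages", "data": {"name": "pkg-a", "version": "4"}, "operation": "INSERTED"}
2024 Apr 25 13:10:51 (sim-agent-001) any->syscollector {"type": "dbsync_packages", "data": {"name": "pkg-b", "version": "6"}, "operation": "DELETED"}
2024 Apr 25 13:10:52 (sim-agent-001) any->syscollector {"type": "dbsync_packages", "data": {"name": "pkg-c", "version": "1"}, "operation": "INSERTED"}
2024 Apr 25 13:10:52 (sim-agent-002) any->syscollector {"type": "dbsync_packages", "data": {"name": "pkg-d", "version": "2.4"}, "operation": "INSERTED"}
2024 Apr 25 13:10:53 (sim-agent-002) any->vulnerability-detector {"vulnerability": {"cve": "CVE-0000-0001", "severity": "High", "package": {"name": "pkg-d", "version": "2.4"}}}
2024 Apr 25 13:10:53 (sim-agent-002) any->vulnerability-detector {"vulnerability": {"cve": "CVE-0000-0002", "severity": "Low", "package": {"name": "pkg-d", "version": "2.4"}}}
2024 Apr 25 13:10:54 (sim-agent-002) any->syscollector {"type": "dbsync_packages", "data": {"name": "pkg-e"}
2024 Apr 25 13:10:55 manager-host->/var/log/syslog constructed local message without an agent
"""


def parse_line(line):
    """Return (agent, location, payload) for an agent event, or None."""
    match = ARCHIVE_LINE.match(line)
    if not match:
        return None
    try:
        payload = json.loads(match.group("payload"))
    except json.JSONDecodeError:
        # Truncated or interleaved writes leave unbalanced JSON behind.
        return None
    return match.group("agent"), match.group("location"), payload


def summarize(lines):
    """Tally package operations and vulnerability events per agent.

    Returns (report, skipped): report maps agent name to its syscollector
    operation counts and the CVE -> severity pairs reported for it;
    skipped counts non-empty lines that could not be used.
    """
    report = {}
    skipped = 0
    for line in lines:
        if not line.strip():
            continue
        parsed = parse_line(line)
        if parsed is None:
            skipped += 1
            continue
        agent, location, payload = parsed
        entry = report.setdefault(agent, {"operations": Counter(), "cves": {}})
        if location == "syscollector" and payload.get("type") == "dbsync_packages":
            entry["operations"][payload.get("operation", "UNKNOWN")] += 1
        elif location == "vulnerability-detector" and "vulnerability" in payload:
            vuln = payload["vulnerability"]
            entry["cves"][vuln.get("cve", "UNKNOWN")] = vuln.get("severity", "UNKNOWN")
    return report, skipped


def agents_without_findings(report):
    """Agents that sent package events but triggered no vulnerability event."""
    return sorted(
        agent for agent, entry in report.items()
        if entry["operations"] and not entry["cves"]
    )


if __name__ == "__main__":
    report, skipped = summarize(SAMPLE_ARCHIVE.splitlines())
    for agent, entry in sorted(report.items()):
        print(agent, dict(entry["operations"]), entry["cves"])
    print("skipped lines:", skipped)
    print("package events but no vulnerabilities:", agents_without_findings(report))
```

On a real manager, pass the lines of /var/ossec/logs/archives/archives.log to `summarize` instead of the sample; an agent listed by `agents_without_findings` sent package inventory that produced no vulnerability-detector output.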
Member

@Rebits Rebits left a comment

Great job

To enhance our codebase, let's focus on refactoring GeneratorVulnerabilityEvents to eliminate redundancy and streamline its features. Additionally, it's imperative to eliminate the vulnerable package logic from GeneratorSyscollector. This class should exclusively serve the purpose of stressing the syscollector queue, without any VD functionalities.

@rafabailon
Member Author

rafabailon commented Apr 25, 2024

Update

For the parameter with the vulnerabilities file, it is necessary to leave it as "default=None" since the path depends on where the simulator is being used. In the vulnerability generating class, the correct path is obtained in case of not receiving any file by parameter.

I have also refactored the entire code. I have created a Generator class with all the common functionality of the syscollector and vulnerability generator. Now the two classes inherit from Generator, thus avoiding duplicate code.

I have carried out tests for both generators and have been able to verify that they work correctly. In some cases I have detected an error. If this is the first time you run the simulator, you may get an error as if the osinfo was not sent. This does not happen in successive tests. I need to do more tests in case the problem is due to the simulation time (which needs to be longer) or there is a problem after the refactoring.

Tests

Syscollector
Command Logs
root@ubuntu2204:/home/vagrant# simulate-agents -a 172.16.1.13 -n 1 -m syscollector -s 5 -t 12 -o debian10 -v 4.8.0 --debug
DEBUG:root:Registration - 1-6dzP34HqxivVTtc1-debian10(001) in 172.16.1.13
DEBUG:root:Keep alive message = #!-Linux |agent-debian10 |4.9.0-12-amd64 |#1 SMP Debian 4.9.210-1 (2020-01-20) |x86_64 [Debian GNU/Linux|debian: 10 (buster)] - Wazuh v4.8.0 / ab73af41699f13fdd81903b5f23d8d00
d6e3ac3e75ca0319af3e7c262776f331 merged.mg
#"_agent_ip":10.0.2.15

INFO:P109162:{'keepalive': {'status': 'enabled', 'frequency': 10.0}, 'fim': {'status': 'disabled', 'eps': 0}, 'fim_integrity': {'status': 'disabled', 'eps': 0}, 'syscollector': {'status': 'enabled', 'frequency': 60, 'eps': 5}, 'vulnerability': {'status': 'disabled', 'frequency': 60.0, 'eps': 0}, 'rootcheck': {'status': 'disabled', 'frequency': 60.0, 'eps': 0}, 'sca': {'status': 'disabled', 'frequency': 60, 'eps': 0}, 'hostinfo': {'status': 'disabled', 'eps': 0}, 'winevt': {'status': 'disabled', 'eps': 0}, 'logcollector': {'status': 'disabled', 'eps': 0}, 'receive_messages': {'status': 'enabled'}}
INFO:P109162:Waiting 0 seconds before sending EPS and keep-alive events
INFO:P109162:Starting 1 agents.
DEBUG:root:Starting - 1-6dzP34HqxivVTtc1-debian10(001)(debian10) - keepalive
DEBUG:root:Starting - 1-6dzP34HqxivVTtc1-debian10(001)(debian10) - syscollector
DEBUG:root:Starting - 1-6dzP34HqxivVTtc1-debian10(001)(debian10) - receive_messages
DEBUG:root:Startup - 1-6dzP34HqxivVTtc1-debian10(001)
DEBUG:root:KeepAlive - 1-6dzP34HqxivVTtc1-debian10(001)
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"CI82YSHWE7","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"G09KQ1W19K","location":"","multiarch":"null","name":"PcJwVQpkAi","priority":"optional","scan_time":"2023/12/1915:32:25","size":"1","source":"","vendor":"PcJwVQpkAi","version":"4"}, "operation": "INSERTED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"ZYZXQZICFU","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"MHS1VTWJNT","location":"","multiarch":"null","name":"xHtJaxSzoH","priority":"optional","scan_time":"2023/12/1915:32:25","size":"2","source":"","vendor":"xHtJaxSzoH","version":"4"}, "operation": "INSERTED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"2L110J7WEQ","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"BID2AI8ZUX","location":"","multiarch":"null","name":"rDlGAqMObp","priority":"optional","scan_time":"2023/12/1915:32:25","size":"3","source":"","vendor":"rDlGAqMObp","version":"6"}, "operation": "DELETED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"A8GJAQV2A8","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"MHIDUXYP1P","location":"","multiarch":"null","name":"yqqzvWfDpW","priority":"optional","scan_time":"2023/12/1915:32:25","size":"4","source":"","vendor":"yqqzvWfDpW","version":"4"}, "operation": "DELETED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"QD283LZQGG","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"RTCKT1OW0E","location":"","multiarch":"null","name":"dBxYuLfnTN","priority":"optional","scan_time":"2023/12/1915:32:25","size":"5","source":"","vendor":"dBxYuLfnTN","version":"4"}, "operation": "INSERTED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"V8EOH5L2Q2","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"E436P4B3DW","location":"","multiarch":"null","name":"DMVCwpumig","priority":"optional","scan_time":"2023/12/1915:32:25","size":"6","source":"","vendor":"DMVCwpumig","version":"1"}, "operation": "INSERTED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"S6RESKMYAS","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"Y1TE6VVPOM","location":"","multiarch":"null","name":"MbHTfAVyCq","priority":"optional","scan_time":"2023/12/1915:32:25","size":"7","source":"","vendor":"MbHTfAVyCq","version":"5"}, "operation": "INSERTED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"G94XMSQKXE","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"6LJZ1ZO7UT","location":"","multiarch":"null","name":"WascPTlxNt","priority":"optional","scan_time":"2023/12/1915:32:25","size":"8","source":"","vendor":"WascPTlxNt","version":"7"}, "operation": "DELETED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"ENT4WCHXDT","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"O8CDBUWJLP","location":"","multiarch":"null","name":"JHQEoqPpRY","priority":"optional","scan_time":"2023/12/1915:32:25","size":"9","source":"","vendor":"JHQEoqPpRY","version":"2"}, "operation": "DELETED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"X69YL5LX9G","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"Y78KL1JMZB","location":"","multiarch":"null","name":"CEMFAHvMUC","priority":"optional","scan_time":"2023/12/1915:32:25","size":"10","source":"","vendor":"CEMFAHvMUC","version":"8"}, "operation": "INSERTED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"1DDGRJ81SN","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"DF099J3BZV","location":"","multiarch":"null","name":"kwRqOFNXMQ","priority":"optional","scan_time":"2023/12/1915:32:25","size":"11","source":"","vendor":"kwRqOFNXMQ","version":"1"}, "operation": "INSERTED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"WQ0EWCNUV6","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"JE3HO5TF9G","location":"","multiarch":"null","name":"zZblhasaXZ","priority":"optional","scan_time":"2023/12/1915:32:25","size":"12","source":"","vendor":"zZblhasaXZ","version":"0"}, "operation": "DELETED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"NDF186CKPJ","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"T08H5C27Y7","location":"","multiarch":"null","name":"tUcAvbcpMa","priority":"optional","scan_time":"2023/12/1915:32:25","size":"13","source":"","vendor":"tUcAvbcpMa","version":"7"}, "operation": "DELETED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"AWZ9J9BG8G","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"644OD1T386","location":"","multiarch":"null","name":"KCeCyOQgAm","priority":"optional","scan_time":"2023/12/1915:32:25","size":"14","source":"","vendor":"KCeCyOQgAm","version":"9"}, "operation": "DELETED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"WND343J7J9","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"N061FCFL18","location":"","multiarch":"null","name":"YaKjZOXeyt","priority":"optional","scan_time":"2023/12/1915:32:25","size":"15","source":"","vendor":"YaKjZOXeyt","version":"9"}, "operation": "DELETED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"0AY5DO9MEE","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"ULKW7W3CCW","location":"","multiarch":"null","name":"EDXfpwuXds","priority":"optional","scan_time":"2023/12/1915:32:25","size":"16","source":"","vendor":"EDXfpwuXds","version":"2"}, "operation": "INSERTED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"0UBILTX0UD","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"4PJ0UUOJLY","location":"","multiarch":"null","name":"LCBbiinMeO","priority":"optional","scan_time":"2023/12/1915:32:25","size":"17","source":"","vendor":"LCBbiinMeO","version":"3"}, "operation": "INSERTED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"Z2927K8Z16","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"RCTC4TXSBZ","location":"","multiarch":"null","name":"iENaVRAAlj","priority":"optional","scan_time":"2023/12/1915:32:25","size":"18","source":"","vendor":"iENaVRAAlj","version":"8"}, "operation": "INSERTED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"BJ1VCUPW9I","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"B4HLACLEDG","location":"","multiarch":"null","name":"CuatnFMiUy","priority":"optional","scan_time":"2023/12/1915:32:25","size":"19","source":"","vendor":"CuatnFMiUy","version":"8"}, "operation": "DELETED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"HZTEG4UAOW","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"YXWMVIWAH4","location":"","multiarch":"null","name":"NMuxdfULrw","priority":"optional","scan_time":"2023/12/1915:32:25","size":"20","source":"","vendor":"NMuxdfULrw","version":"2"}, "operation": "INSERTED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"CKKSJLRXSY","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"SZY3DXM5WV","location":"","multiarch":"null","name":"ajdOJKFRMG","priority":"optional","scan_time":"2023/12/1915:32:25","size":"21","source":"","vendor":"ajdOJKFRMG","version":"7"}, "operation": "INSERTED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"FYVK9D10DV","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"IIQS475FAP","location":"","multiarch":"null","name":"XqAkSiMpeO","priority":"optional","scan_time":"2023/12/1915:32:25","size":"22","source":"","vendor":"XqAkSiMpeO","version":"1"}, "operation": "DELETED"}
DEBUG:root:Syscollector Event  - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"ZOAH4I1X0G","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"RBFIAKAYQB","location":"","multiarch":"null","name":"ydoKyRjCrG","priority":"optional","scan_time":"2023/12/1915:32:25","size":"23","source":"","vendor":"ydoKyRjCrG","version":"9"}, "operation": "DELETED"}
Ossec Logs
root@ubuntu2204:/home/vagrant# tail -f /var/ossec/logs/ossec.log
2024/04/25 13:10:41 wazuh-authd: INFO: New connection from 172.16.1.1
2024/04/25 13:10:41 wazuh-authd: INFO: Received request for a new agent (1-6dzP34HqxivVTtc1-debian10) from: 172.16.1.1
2024/04/25 13:10:41 wazuh-authd: INFO: Agent key generated for '1-6dzP34HqxivVTtc1-debian10' (requested by any)
2024/04/25 13:10:50 wazuh-remoted: INFO: (1409): Authentication file changed. Updating.
2024/04/25 13:10:50 wazuh-remoted: INFO: (1410): Reading authentication keys file.
Archive Logs
root@ubuntu2204:/home/vagrant# tail -f /var/ossec/logs/archives/archives.log
2024 Apr 25 13:10:51 (1-6dzP34HqxivVTtc1-debian10) any->syscollector {"type": "dbsync_packages", "data": {"architecture":"","checksum":"CI82YSHWE7","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"G09KQ1W19K","location":"","multiarch":"null","name":"PcJwVQpkAi","priority":"optional","scan_time":"2023/12/1915:32:25","size":"1","source":"","vendor":"PcJwVQpkAi","version":"4"}, "operation": "INSERTED"}
2024 Apr 25 13:10:51 (1-6dzP34HqxivVTtc1-debian10) any->syscollector {"type": "dbsync_packages", "data": {"architecture":"","checksum":"ZYZXQZICFU","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"MHS1VTWJNT","location":"","multiarch":"null","name":"xHtJaxSzoH","priority":"optional","scan_time":"2023/12/1915:32:25","size":"2","source":"","vendor":"xHtJaxSzoH","version":"4"}, "operation": "INSERTED"}
2024 Apr 25 13:10:51 (1-6dzP34HqxivVTtc1-debian10) any->syscollector {"type": "dbsync_packages", "data": {"architecture":"","checksum":"A8GJAQV2A8","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"MHIDUXYP1P","location":"","multiarch":"null","name":"yqqzvWfDpW","priority":"optional","scan_time":"2023/12/1915:32:25","size":"4","source":"","vendor":"yqqzvWfDpW","version":"4"}, "operation": "DELETED"}
2024 Apr 25 13:10:51 (1-6dzP34HqxivVTtc1-debian10) any->syscollector {"type": "dbsync_packages", "data": {"architecture":"","checksum":"2L110J7WEQ","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"BID2AI8ZUX","location":"","multiarch":"null","name":"rDlGAqMObp","priority":"optional","scan_time":"2023/12/1915:32:25","size":"3","source":"","vendor":"rDlGAqMObp","version":"6"}, "operation": "DELETED"}
2024 Apr 25 13:10:51 (1-6dzP34HqxivVTtc1-debian10) any->syscollector {"type": "dbsync_packages", "data": {"architecture":"","checksum":"QD283LZQGG","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"RTCKT1OW0E","location":"","multiarch":"null","name":"dBxYuLfnTN","priority":"optional","scan_time":"2023/12/1915:32:25","size":"5","source":"","vendor":"dBxYuLfnTN","version":"4"}, "operation": "INSERTED"}
2024 Apr 25 13:10:52 (1-6dzP34HqxivVTtc1-debian10) any->syscollector {"type": "dbsync_packages", "data": {"architecture":"","checksum":"V8EOH5L2Q2","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"E436P4B3DW","location":"","multiarch":"null","name":"DMVCwpumig","priority":"optional","scan_time":"2023/12/1915:32:25","size":"6","source":"","vendor":"DMVCwpumig","version":"1"}, "operation": "INSERTED"}
2024 Apr 25 13:10:52 (1-6dzP34HqxivVTtc1-debian10) any->syscollector {"type": "dbsync_packages", "data": {"architecture":"","checksum":"S6RESKMYAS","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"Y1TE6VVPOM","location":"","multiarch":"null","name":"MbHTfAVyCq","priority":"optional","scan_time":"2023/12/1915:32:25","size":"7","source":"","vendor":"MbHTfAVyCq","version":"5"}, "operation": "INSERTED"}
2024 Apr 25 13:10:52 (1-6dzP34HqxivVTtc1-debian10) any->syscollector {"type": "dbsync_packages", "data": {"architecture":"","checksum":"ENT4WCHXDT","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"O8CDBUWJLP","location":"","multiarch":"null","name":"JHQEoqPpRY","priority":"optional","scan_time":"2023/12/1915:32:25","size":"9","source":"","vendor":"JHQEoqPpRY","version":"2"}, "operation": "DELETED"}
2024 Apr 25 13:10:52 (1-6dzP34HqxivVTtc1-debian10) any->syscollector {"type": "dbsync_packages", "data": {"architecture":"","checksum":"G94XMSQKXE","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"6LJZ1ZO7UT","location":"","multiarch":"null","name":"WascPTlxNt","priority":"optional","scan_time":"2023/12/1915:32:25","size":"8","source":"","vendor":"WascPTlxNt","version":"7"}, "operation": "DELETED"}
2024 Apr 25 13:10:52 (1-6dzP34HqxivVTtc1-debian10) any->syscollector {"type": "dbsync_packages", "data": {"architecture":"","checksum":"X69YL5LX9G","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"Y78KL1JMZB","location":"","multiarch":"null","name":"CEMFAHvMUC","priority":"optional","scan_time":"2023/12/1915:32:25","size":"10","source":"","vendor":"CEMFAHvMUC","version":"8"}, "operation": "INSERTED"}
2024 Apr 25 13:10:53 (1-6dzP34HqxivVTtc1-debian10) any->syscollector {"type": "dbsync_packages", "data": {"architecture":"","checksum":"1DDGRJ81SN","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"DF099J3BZV","location":"","multiarch":"null","name":"kwRqOFNXMQ","priority":"optional","scan_time":"2023/12/1915:32:25","size":"11","source":"","vendor":"kwRqOFNXMQ","version":"1"}, "operation": "INSERTED"}
2024 Apr 25 13:10:53 (1-6dzP34HqxivVTtc1-debian10) any->syscollector {"type": "dbsync_packages", "data": {"architecture":"","checksum":"WQ0EWCNUV6","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"JE3HO5TF9G","location":"","multiarch":"null","name":"zZblhasaXZ","priority":"optional","scan_time":"2023/12/1915:32:25","size":"12","source":"","vendor":"zZblhasaXZ","version":"0"}, "operation": "DELETED"}
2024 Apr 25 13:10:53 (1-6dzP34HqxivVTtc1-debian10) any->syscollector {"type": "dbsync_packages", "data": {"architecture":"","checksum":"NDF186CKPJ","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"T08H5C27Y7","location":"","multiarch":"null","name":"tUcAvbcpMa","priority":"optional","scan_time":"2023/12/1915:32:25","size":"13","source":"","vendor":"tUcAvbcpMa","version":"7"}, "operation": "DELETED"}
2024 Apr 25 13:10:53 (1-6dzP34HqxivVTtc1-debian10) any->syscollector {"type": "dbsync_packages", "data": {"architecture":"","checksum":"AWZ9J9BG8G","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"644OD1T386","location":"","multiarch":"null","name":"KCeCyOQgAm","priority":"optional","scan_time":"2023/12/1915:32:25","size":"14","source":"","vendor":"KCeCyOQgAm","version":"9"}, "operation": "DELETED"}
2024 Apr 25 13:10:53 (1-6dzP34HqxivVTtc1-debian10) any->syscollector {"type": "dbsync_packages", "data": {"architecture":"","checksum":"WND343J7J9","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"N061FCFL18","location":"","multiarch":"null","name":"YaKjZOXeyt","priority":"optional","scan_time":"2023/12/1915:32:25","size":"15","source":"","vendor":"YaKjZOXeyt","version":"9"}, "operation": "DELETED"}
2024 Apr 25 13:10:54 (1-6dzP34HqxivVTtc1-debian10) any->syscollector {"type": "dbsync_packages", "data": {"architecture":"","checksum":"0AY5DO9MEE","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"ULKW7W3CCW","location":"","multiarch":"null","name":"EDXfpwuXds","priority":"optional","scan_time":"2023/12/1915:32:25","size":"16","source":"","vendor":"EDXfpwuXds","version":"2"}, "operation": "INSERTED"}
2024 Apr 25 13:10:54 (1-6dzP34HqxivVTtc1-debian10) any->syscollector {"type": "dbsync_packages", "data": {"architecture":"","checksum":"0UBILTX0UD","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"4PJ0UUOJLY","location":"","multiarch":"null","name":"LCBbiinMeO","priority":"optional","scan_time":"2023/12/1915:32:25","size":"17","source":"","vendor":"LCBbiinMeO","version":"3"}, "operation": "INSERTED"}
2024 Apr 25 13:10:54 (1-6dzP34HqxivVTtc1-debian10) any->syscollector {"type": "dbsync_packages", "data": {"architecture":"","checksum":"BJ1VCUPW9I","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"B4HLACLEDG","location":"","multiarch":"null","name":"CuatnFMiUy","priority":"optional","scan_time":"2023/12/1915:32:25","size":"19","source":"","vendor":"CuatnFMiUy","version":"8"}, "operation": "DELETED"}
2024 Apr 25 13:10:54 (1-6dzP34HqxivVTtc1-debian10) any->syscollector {"type": "dbsync_packages", "data": {"architecture":"","checksum":"Z2927K8Z16","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"RCTC4TXSBZ","location":"","multiarch":"null","name":"iENaVRAAlj","priority":"optional","scan_time":"2023/12/1915:32:25","size":"18","source":"","vendor":"iENaVRAAlj","version":"8"}, "operation": "INSERTED"}
2024 Apr 25 13:10:54 (1-6dzP34HqxivVTtc1-debian10) any->syscollector {"type": "dbsync_packages", "data": {"architecture":"","checksum":"HZTEG4UAOW","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"YXWMVIWAH4","location":"","multiarch":"null","name":"NMuxdfULrw","priority":"optional","scan_time":"2023/12/1915:32:25","size":"20","source":"","vendor":"NMuxdfULrw","version":"2"}, "operation": "INSERTED"}
2024 Apr 25 13:10:55 (1-6dzP34HqxivVTtc1-debian10) any->syscollector {"type": "dbsync_packages", "data": {"architecture":"","checksum":"CKKSJLRXSY","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"SZY3DXM5WV","location":"","multiarch":"null","name":"ajdOJKFRMG","priority":"optional","scan_time":"2023/12/1915:32:25","size":"21","source":"","vendor":"ajdOJKFRMG","version":"7"}, "operation": "INSERTED"}
2024 Apr 25 13:10:55 (1-6dzP34HqxivVTtc1-debian10) any->syscollector {"type": "dbsync_packages", "data": {"architecture":"","checksum":"FYVK9D10DV","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"IIQS475FAP","location":"","multiarch":"null","name":"XqAkSiMpeO","priority":"optional","scan_time":"2023/12/1915:32:25","size":"22","source":"","vendor":"XqAkSiMpeO","version":"1"}, "operation": "DELETED"}
2024 Apr 25 13:10:55 (1-6dzP34HqxivVTtc1-debian10) any->syscollector {"type": "dbsync_packages", "data": {"architecture":"","checksum":"ZOAH4I1X0G","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"RBFIAKAYQB","location":"","multiarch":"null","name":"ydoKyRjCrG","priority":"optional","scan_time":"2023/12/1915:32:25","size":"23","source":"","vendor":"ydoKyRjCrG","version":"9"}, "operation": "DELETED"}
DB Info
root@ubuntu2204:/var/ossec/queue/db# sqlite3 001.db 
SQLite version 3.37.2 2022-01-06 13:25:41
Enter ".help" for usage hints.
sqlite> SELECT * FROM sys_osinfo;
sqlite> 
Vulnerability
Command Logs
root@ubuntu2204:/home/vagrant# simulate-agents -a 172.16.1.13 -n 3 -m vulnerability -s 5 -t 12 -o ubuntu18.04 -v 4.8.0 --debug
DEBUG:root:Registration - 1-ZYtH8zMsEP9mcTwI-ubuntu18.04(001) in 172.16.1.13
DEBUG:root:Keep alive message = #!-Linux |agent-ubuntu18 |4.15.0-76-generic |#220-Ubuntu SMP Thu May 9 12:40:49 UTC 2019 |x86_64 [Ubuntu|ubuntu: 18.04.4 LTS (Bionic Beaver)] - Wazuh v4.8.0 / ab73af41699f13fdd81903b5f23d8d00
d6e3ac3e75ca0319af3e7c262776f331 merged.mg
#"_agent_ip":172.16.5.9
ubuntu20.04
#!-Linux |agent-ubuntu20 |5.4.0-62-generic |#220-Ubuntu SMP Thu May 9 12:40:49 UTC 2019 |x86_64 [Ubuntu|ubuntu: 20.04.4 LTS (Focal Fossa)] - Wazuh v4.8.0 / ab73af41699f13fdd81903b5f23d8d00
d6e3ac3e75ca0319af3e7c262776f331 merged.mg
#"_agent_ip":172.16.5.10

INFO:P191103:{'keepalive': {'status': 'enabled', 'frequency': 10.0}, 'fim': {'status': 'disabled', 'eps': 0}, 'fim_integrity': {'status': 'disabled', 'eps': 0}, 'syscollector': {'status': 'disabled', 'frequency': 60, 'eps': 0}, 'vulnerability': {'status': 'enabled', 'frequency': 60.0, 'eps': 5}, 'rootcheck': {'status': 'disabled', 'frequency': 60.0, 'eps': 0}, 'sca': {'status': 'disabled', 'frequency': 60, 'eps': 0}, 'hostinfo': {'status': 'disabled', 'eps': 0}, 'winevt': {'status': 'disabled', 'eps': 0}, 'logcollector': {'status': 'disabled', 'eps': 0}, 'receive_messages': {'status': 'enabled'}}
DEBUG:root:Registration - 1-TDbk91qElf4icYwA-ubuntu18.04(002) in 172.16.1.13
DEBUG:root:Keep alive message = #!-Linux |agent-ubuntu18 |4.15.0-76-generic |#220-Ubuntu SMP Thu May 9 12:40:49 UTC 2019 |x86_64 [Ubuntu|ubuntu: 18.04.4 LTS (Bionic Beaver)] - Wazuh v4.8.0 / ab73af41699f13fdd81903b5f23d8d00
d6e3ac3e75ca0319af3e7c262776f331 merged.mg
#"_agent_ip":172.16.5.9
ubuntu20.04
#!-Linux |agent-ubuntu20 |5.4.0-62-generic |#220-Ubuntu SMP Thu May 9 12:40:49 UTC 2019 |x86_64 [Ubuntu|ubuntu: 20.04.4 LTS (Focal Fossa)] - Wazuh v4.8.0 / ab73af41699f13fdd81903b5f23d8d00
d6e3ac3e75ca0319af3e7c262776f331 merged.mg
#"_agent_ip":172.16.5.10

INFO:P191103:{'keepalive': {'status': 'enabled', 'frequency': 10.0}, 'fim': {'status': 'disabled', 'eps': 0}, 'fim_integrity': {'status': 'disabled', 'eps': 0}, 'syscollector': {'status': 'disabled', 'frequency': 60, 'eps': 0}, 'vulnerability': {'status': 'enabled', 'frequency': 60.0, 'eps': 5}, 'rootcheck': {'status': 'disabled', 'frequency': 60.0, 'eps': 0}, 'sca': {'status': 'disabled', 'frequency': 60, 'eps': 0}, 'hostinfo': {'status': 'disabled', 'eps': 0}, 'winevt': {'status': 'disabled', 'eps': 0}, 'logcollector': {'status': 'disabled', 'eps': 0}, 'receive_messages': {'status': 'enabled'}}
DEBUG:root:Registration - 1-eNI6WMUQvSpyk3t0-ubuntu18.04(003) in 172.16.1.13
DEBUG:root:Keep alive message = #!-Linux |agent-ubuntu18 |4.15.0-76-generic |#220-Ubuntu SMP Thu May 9 12:40:49 UTC 2019 |x86_64 [Ubuntu|ubuntu: 18.04.4 LTS (Bionic Beaver)] - Wazuh v4.8.0 / ab73af41699f13fdd81903b5f23d8d00
d6e3ac3e75ca0319af3e7c262776f331 merged.mg
#"_agent_ip":172.16.5.9
ubuntu20.04
#!-Linux |agent-ubuntu20 |5.4.0-62-generic |#220-Ubuntu SMP Thu May 9 12:40:49 UTC 2019 |x86_64 [Ubuntu|ubuntu: 20.04.4 LTS (Focal Fossa)] - Wazuh v4.8.0 / ab73af41699f13fdd81903b5f23d8d00
d6e3ac3e75ca0319af3e7c262776f331 merged.mg
#"_agent_ip":172.16.5.10

INFO:P191103:{'keepalive': {'status': 'enabled', 'frequency': 10.0}, 'fim': {'status': 'disabled', 'eps': 0}, 'fim_integrity': {'status': 'disabled', 'eps': 0}, 'syscollector': {'status': 'disabled', 'frequency': 60, 'eps': 0}, 'vulnerability': {'status': 'enabled', 'frequency': 60.0, 'eps': 5}, 'rootcheck': {'status': 'disabled', 'frequency': 60.0, 'eps': 0}, 'sca': {'status': 'disabled', 'frequency': 60, 'eps': 0}, 'hostinfo': {'status': 'disabled', 'eps': 0}, 'winevt': {'status': 'disabled', 'eps': 0}, 'logcollector': {'status': 'disabled', 'eps': 0}, 'receive_messages': {'status': 'enabled'}}
INFO:P191103:Waiting 0 seconds before sending EPS and keep-alive events
INFO:P191103:Starting 3 agents.
DEBUG:root:Starting - 1-ZYtH8zMsEP9mcTwI-ubuntu18.04(001)(ubuntu18.04) - keepalive
DEBUG:root:Starting - 1-ZYtH8zMsEP9mcTwI-ubuntu18.04(001)(ubuntu18.04) - vulnerability
DEBUG:root:Starting - 1-ZYtH8zMsEP9mcTwI-ubuntu18.04(001)(ubuntu18.04) - receive_messages
DEBUG:root:Starting - 1-TDbk91qElf4icYwA-ubuntu18.04(002)(ubuntu18.04) - keepalive
DEBUG:root:Starting - 1-TDbk91qElf4icYwA-ubuntu18.04(002)(ubuntu18.04) - vulnerability
DEBUG:root:Starting - 1-TDbk91qElf4icYwA-ubuntu18.04(002)(ubuntu18.04) - receive_messages
DEBUG:root:Starting - 1-eNI6WMUQvSpyk3t0-ubuntu18.04(003)(ubuntu18.04) - keepalive
DEBUG:root:Starting - 1-eNI6WMUQvSpyk3t0-ubuntu18.04(003)(ubuntu18.04) - vulnerability
DEBUG:root:Starting - 1-eNI6WMUQvSpyk3t0-ubuntu18.04(003)(ubuntu18.04) - receive_messages
DEBUG:root:Startup - 1-ZYtH8zMsEP9mcTwI-ubuntu18.04(001)
DEBUG:root:KeepAlive - 1-ZYtH8zMsEP9mcTwI-ubuntu18.04(001)
DEBUG:root:Startup - 1-TDbk91qElf4icYwA-ubuntu18.04(002)
DEBUG:root:KeepAlive - 1-TDbk91qElf4icYwA-ubuntu18.04(002)
DEBUG:root:Startup - 1-eNI6WMUQvSpyk3t0-ubuntu18.04(003)
DEBUG:root:KeepAlive - 1-eNI6WMUQvSpyk3t0-ubuntu18.04(003)
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_osinfo", "data": {"checksum":"1634140017886803554","architecture":"x86_64","hostname":"1-eNI6WMUQvSpyk3t0-ubuntu18.04","os_codename":"focal","os_major":"20","os_minor":"04","os_name":"Ubuntu","os_platform":"ubuntu","os_patch":"6","os_release":"sp1","os_version":"20.04.6LTS(FocalFossa)","os_build":"4.18.0-305.12.1.el8_4.x86_64","release":"6.2.6-76060206-generic","scan_time":"2023/12/2011:24:58","sysname":"Linux","version":"#202303130630~1689015125~22.04~ab2190eSMPPREEMPT_DYNAMIC"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_osinfo", "data": {"checksum":"1634140017886803554","architecture":"x86_64","hostname":"1-ZYtH8zMsEP9mcTwI-ubuntu18.04","os_codename":"focal","os_major":"20","os_minor":"04","os_name":"Ubuntu","os_platform":"ubuntu","os_patch":"6","os_release":"sp1","os_version":"20.04.6LTS(FocalFossa)","os_build":"4.18.0-305.12.1.el8_4.x86_64","release":"6.2.6-76060206-generic","scan_time":"2023/12/2011:24:58","sysname":"Linux","version":"#202303130630~1689015125~22.04~ab2190eSMPPREEMPT_DYNAMIC"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"OCML38F1T1","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"0B18WDJYAM","location":"","multiarch":"null","name":"bsd_os","priority":"optional","scan_time":"2023/12/1915:32:25","size":"2","source":"","vendor":"bsdi","version":"3.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"L8HV1WH1WC","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"CTSP86FSZ7","location":"","multiarch":"null","name":"bsd_os","priority":"optional","scan_time":"2023/12/1915:32:25","size":"2","source":"","vendor":"bsdi","version":"3.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"PGVNAT1J5W","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"NCRI2LFE8Q","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"3","source":"","vendor":"freebsd","version":"1.0"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"V4U7HRQIYY","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"FNYE3RKNVR","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"3","source":"","vendor":"freebsd","version":"1.0"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"PRHLEFGICB","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"DG8CPC30GR","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"4","source":"","vendor":"freebsd","version":"1.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"QWQURAR5A0","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"Q3XQT8YWEX","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"4","source":"","vendor":"freebsd","version":"1.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"MKINLOOBN9","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"HH7NN5RA1J","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"5","source":"","vendor":"freebsd","version":"1.1.5.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"0P2S1LAF29","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"THAUB4MWBB","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"5","source":"","vendor":"freebsd","version":"1.1.5.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_osinfo", "data": {"checksum":"1634140017886803554","architecture":"x86_64","hostname":"1-TDbk91qElf4icYwA-ubuntu18.04","os_codename":"focal","os_major":"20","os_minor":"04","os_name":"Ubuntu","os_platform":"ubuntu","os_patch":"6","os_release":"sp1","os_version":"20.04.6LTS(FocalFossa)","os_build":"4.18.0-305.12.1.el8_4.x86_64","release":"6.2.6-76060206-generic","scan_time":"2023/12/2011:24:58","sysname":"Linux","version":"#202303130630~1689015125~22.04~ab2190eSMPPREEMPT_DYNAMIC"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"AVWAJXE52C","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"5RBJK18LVG","location":"","multiarch":"null","name":"bsd_os","priority":"optional","scan_time":"2023/12/1915:32:25","size":"2","source":"","vendor":"bsdi","version":"3.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"YUQU6JPJVW","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"2QH7450HVP","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"3","source":"","vendor":"freebsd","version":"1.0"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"NF6C439H4J","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"6TDA31N24D","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"4","source":"","vendor":"freebsd","version":"1.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"D4B8LKQ7EV","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"KWICQLBPUA","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"5","source":"","vendor":"freebsd","version":"1.1.5.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"IK759L0CRK","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"02WHVZ0D53","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"6","source":"","vendor":"freebsd","version":"1.2"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"E3Y75CJ8HO","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"M42EML1SZK","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"7","source":"","vendor":"freebsd","version":"2.0"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"C90Z4GB1RQ","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"DTMPSB08M5","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"8","source":"","vendor":"freebsd","version":"2.0.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"TN800QA3MR","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"0NO31F506X","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"9","source":"","vendor":"freebsd","version":"2.0.5"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"EL958SSRDT","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"NKMLN40TLZ","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"10","source":"","vendor":"freebsd","version":"2.1.5"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"VOGIB6D55W","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"Z8MCHI15JR","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"6","source":"","vendor":"freebsd","version":"1.2"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"ZYF31KEWHK","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"FM5S7D6EXF","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"7","source":"","vendor":"freebsd","version":"2.0"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"6U9AEID81S","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"JA2D2G0BYX","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"6","source":"","vendor":"freebsd","version":"1.2"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"1NR6Y6AQUX","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"YDF7BIF3EC","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"8","source":"","vendor":"freebsd","version":"2.0.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"55V7IB76X9","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"J8UYXT9513","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"9","source":"","vendor":"freebsd","version":"2.0.5"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"TSK7FHMOPN","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"E6HPPWRN3C","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"7","source":"","vendor":"freebsd","version":"2.0"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"SBSHSFIBCO","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"76Q36LUAG0","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"10","source":"","vendor":"freebsd","version":"2.1.5"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"G0W1RNLC65","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"HGPCC9X6ZL","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"8","source":"","vendor":"freebsd","version":"2.0.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"8RC9TLMQV0","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"0C18ZAOG7U","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"9","source":"","vendor":"freebsd","version":"2.0.5"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"2MLPVHPK55","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"H40B4D3R2L","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"10","source":"","vendor":"freebsd","version":"2.1.5"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"P57DOL3OIA","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"L63Y5XXBZP","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"11","source":"","vendor":"freebsd","version":"2.1.6"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"PYW6HZEMBZ","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"KRPILQ2671","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"12","source":"","vendor":"freebsd","version":"2.1.6.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"FZKSM4R14Z","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"RBNAW53IHW","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"13","source":"","vendor":"freebsd","version":"2.1.7"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"OAC8B09513","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"TQ7C1BBNF2","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"14","source":"","vendor":"freebsd","version":"2.1.7.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"EUBLWFZ3AO","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"5YMRA1KSVQ","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"15","source":"","vendor":"freebsd","version":"2.2"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"49CH8XD8WT","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"6X2TZ5FDVQ","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"11","source":"","vendor":"freebsd","version":"2.1.6"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"RL85H2D41U","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"H0ZPA3JX2O","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"12","source":"","vendor":"freebsd","version":"2.1.6.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"BMAB5L5MM8","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"MAA09AXAN2","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"11","source":"","vendor":"freebsd","version":"2.1.6"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"8YUFC2X9JA","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"C9MLVCY1SJ","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"13","source":"","vendor":"freebsd","version":"2.1.7"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"P7DZ69BHW7","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"IFD4R691S3","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"14","source":"","vendor":"freebsd","version":"2.1.7.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"1GC90V4WOR","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"COV15AA9SG","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"12","source":"","vendor":"freebsd","version":"2.1.6.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"KGK6V9QYNC","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"6L9CHSI9SD","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"15","source":"","vendor":"freebsd","version":"2.2"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"9I7V0TS4DE","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"U066Q7ARD2","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"13","source":"","vendor":"freebsd","version":"2.1.7"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"0AY90TZBVB","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"UL2MD50SER","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"14","source":"","vendor":"freebsd","version":"2.1.7.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"VQEKDCVEG8","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"DLFBVNJ75K","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"15","source":"","vendor":"freebsd","version":"2.2"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"UU8A00L89C","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"V6YITWBECM","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"16","source":"","vendor":"freebsd","version":"2.2.2"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"ES8K7DG0IX","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"A0Q57GQ7C2","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"17","source":"","vendor":"freebsd","version":"2.2.3"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"ORNKIHQ6J5","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"EGGAYLJN2H","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"18","source":"","vendor":"freebsd","version":"2.2.4"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"J4WRI26BFE","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"LZTGDWIAB3","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"19","source":"","vendor":"freebsd","version":"2.2.5"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"CXLX9AE3YZ","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"7NCVT0CDA6","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"20","source":"","vendor":"freebsd","version":"2.2.6"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"V890I982Y5","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"HEA3LU1BI3","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"16","source":"","vendor":"freebsd","version":"2.2.2"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"GMG9DURR9E","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"3OOPODLY7L","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"17","source":"","vendor":"freebsd","version":"2.2.3"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"GYC830YZHT","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"DI2N5TV9Q9","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"16","source":"","vendor":"freebsd","version":"2.2.2"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"SDEAALUWG7","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"50QQQP09J2","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"18","source":"","vendor":"freebsd","version":"2.2.4"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"5PEVRGBSGM","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"E0W21A2Z5M","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"19","source":"","vendor":"freebsd","version":"2.2.5"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"4JIYH44RR6","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"DDGCC9UDVJ","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"17","source":"","vendor":"freebsd","version":"2.2.3"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"IKGMIWUH1Z","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"UI38K5AGWE","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"20","source":"","vendor":"freebsd","version":"2.2.6"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"CJGHWLBWUR","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"IRD44Z2UD8","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"18","source":"","vendor":"freebsd","version":"2.2.4"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"LBZHTZU689","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"56513AHT6D","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"19","source":"","vendor":"freebsd","version":"2.2.5"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"0V47MPG1FU","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"LR2SOW27D8","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"20","source":"","vendor":"freebsd","version":"2.2.6"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"X8UH67MWU6","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"OPK94ZIB5V","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"21","source":"","vendor":"freebsd","version":"2.2.8"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"NFF1DHHCHV","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"GMACP8PCLR","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"21","source":"","vendor":"freebsd","version":"2.2.8"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"1L80F04OSQ","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"S0IZBVIYAS","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"22","source":"","vendor":"freebsd","version":"3.0"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"8X5APACYM9","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"ZP5ORQPMBN","location":"","multiarch":"null","name":"openbsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"23","source":"","vendor":"openbsd","version":"2.3"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"I71FLM7YO1","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"1U476JOVWD","location":"","multiarch":"null","name":"openbsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"24","source":"","vendor":"openbsd","version":"2.4"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"XGGYGPTDSW","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"VUSFMFACT5","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"21","source":"","vendor":"freebsd","version":"2.2.8"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"8NWRZ122XD","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"5P4RYAPE2B","location":"","multiarch":"null","name":"bsd_os","priority":"optional","scan_time":"2023/12/1915:32:25","size":"25","source":"","vendor":"bsdi","version":"1.1"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"1JORTYLUR0","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"4YRLITZQNO","location":"","multiarch":"null","name":"freebsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"22","source":"","vendor":"freebsd","version":"3.0"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"TIA5A6QD6F","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"I23WS7J5VC","location":"","multiarch":"null","name":"openbsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"23","source":"","vendor":"openbsd","version":"2.3"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"ZI4RAPCC83","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"3ALVRJO47T","location":"","multiarch":"null","name":"openbsd","priority":"optional","scan_time":"2023/12/1915:32:25","size":"24","source":"","vendor":"openbsd","version":"2.4"}, "operation": "INSERTED"}
DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": {"architecture":"","checksum":"SE6URFCIR6","description":"","format":"","groups":"editors","install_time":"2024/04/25 00:00:00","item_id":"KYGZ7YRG8J","location":"","multiarch":"null","name":"bsd_os","priority":"optional","scan_time":"2023/12/1915:32:25","size":"25","source":"","vendor":"bsdi","version":"1.1"}, "operation": "INSERTED"}
Ossec Logs
root@ubuntu2204:/home/vagrant# tail -f /var/ossec/logs/ossec.log
2024/04/25 14:47:02 wazuh-modulesd:database: INFO: Module started.
2024/04/25 14:47:02 sca: INFO: Starting evaluation of policy: '/var/ossec/ruleset/sca/cis_ubuntu22-04.yml'
2024/04/25 14:47:02 wazuh-modulesd:syscollector: INFO: Module started.
2024/04/25 14:47:02 wazuh-modulesd:syscollector: INFO: Starting evaluation.
2024/04/25 14:47:02 wazuh-modulesd:syscollector: INFO: Evaluation finished.
2024/04/25 14:47:02 indexer-connector: INFO: IndexerConnector initialized successfully for index: wazuh-states-vulnerabilities.
2024/04/25 14:47:02 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started
2024/04/25 14:47:08 sca: INFO: Evaluation finished for policy '/var/ossec/ruleset/sca/cis_ubuntu22-04.yml'
2024/04/25 14:47:08 sca: INFO: Security Configuration Assessment scan finished. Duration: 6 seconds.
2024/04/25 14:47:14 rootcheck: INFO: Ending rootcheck scan.
2024/04/25 14:51:29 wazuh-authd: INFO: New connection from 172.16.1.1
2024/04/25 14:51:29 wazuh-authd: INFO: Received request for a new agent (1-ZYtH8zMsEP9mcTwI-ubuntu18.04) from: 172.16.1.1
2024/04/25 14:51:29 wazuh-authd: INFO: Agent key generated for '1-ZYtH8zMsEP9mcTwI-ubuntu18.04' (requested by any)
2024/04/25 14:51:29 wazuh-authd: INFO: New connection from 172.16.1.1
2024/04/25 14:51:29 wazuh-authd: INFO: Received request for a new agent (1-TDbk91qElf4icYwA-ubuntu18.04) from: 172.16.1.1
2024/04/25 14:51:29 wazuh-authd: INFO: Agent key generated for '1-TDbk91qElf4icYwA-ubuntu18.04' (requested by any)
2024/04/25 14:51:29 wazuh-authd: INFO: New connection from 172.16.1.1
2024/04/25 14:51:29 wazuh-authd: INFO: Received request for a new agent (1-eNI6WMUQvSpyk3t0-ubuntu18.04) from: 172.16.1.1
2024/04/25 14:51:29 wazuh-authd: INFO: Agent key generated for '1-eNI6WMUQvSpyk3t0-ubuntu18.04' (requested by any)
2024/04/25 14:51:39 wazuh-remoted: INFO: (1409): Authentication file changed. Updating.
2024/04/25 14:51:39 wazuh-remoted: INFO: (1410): Reading authentication keys file.
Archive Logs
root@ubuntu2204:/home/vagrant# tail -n 10 /var/ossec/logs/archives/archives.log
2024 Apr 25 14:53:08 (1-eNI6WMUQvSpyk3t0-ubuntu18.04) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-1999-0165","cvss":{"cvss2":{"base_score":10.0,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package default status","name":"bsd_os","source":"","version":"1.1"},"published":"1997-03-01T05:00:00Z","rationale":"NFS cache poisoning.","reference":"https://www.cve.org/CVERecord?id=CVE-1999-0165","severity":"High","status":"Active","title":"CVE-1999-0165 affects bsd_os","type":"Packages","updated":"2022-08-17T10:15:11Z"}}
2024 Apr 25 14:53:08 (1-eNI6WMUQvSpyk3t0-ubuntu18.04) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-1999-0023","cvss":{"cvss2":{"base_score":7.2,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package default status","name":"bsd_os","source":"","version":"1.1"},"published":"1996-07-24T04:00:00Z","rationale":"Local user gains root privileges via buffer overflow in rdist, via lookup() function.","reference":"https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0023","severity":"High","status":"Active","title":"CVE-1999-0023 affects bsd_os","type":"Packages","updated":"2022-08-17T07:15:08Z"}}
2024 Apr 25 14:53:08 (1-eNI6WMUQvSpyk3t0-ubuntu18.04) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-1999-0046","cvss":{"cvss2":{"base_score":10.0,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"CWE-120","enumeration":"CVE","package":{"architecture":"","condition":"Package equal to 1.1","name":"bsd_os","source":"","version":"1.1"},"published":"1997-02-06T05:00:00Z","rationale":"Buffer overflow of rlogin program using TERM environmental variable.","reference":"https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0046","severity":"High","status":"Active","title":"CVE-1999-0046 affects bsd_os","type":"Packages","updated":"2024-02-09T03:19:37Z"}}
2024 Apr 25 14:53:08 (1-eNI6WMUQvSpyk3t0-ubuntu18.04) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-1999-0096","cvss":{"cvss2":{"base_score":5.0,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"NONE","confidentiality_impact":"NONE","integrity_impact":"PARTIAL"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package default status","name":"bsd_os","source":"","version":"1.1"},"published":"1996-12-10T05:00:00Z","rationale":"Sendmail decode alias can be used to overwrite sensitive files.","reference":"http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba","severity":"Medium","status":"Active","title":"CVE-1999-0096 affects bsd_os","type":"Packages","updated":"2008-09-09T12:33:41Z"}}
2024 Apr 25 14:53:08 (1-eNI6WMUQvSpyk3t0-ubuntu18.04) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-1999-0798","cvss":{"cvss2":{"base_score":10.0,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package default status","name":"bsd_os","source":"","version":"1.1"},"published":"1998-12-04T05:00:00Z","rationale":"Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.","reference":"http://marc.info/?l=bugtraq&m=91278867118128&w=2","severity":"High","status":"Active","title":"CVE-1999-0798 affects bsd_os","type":"Packages","updated":"2016-10-18T01:59:43Z"}}
2024 Apr 25 14:53:08 (1-eNI6WMUQvSpyk3t0-ubuntu18.04) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-2008-4609","cvss":{"cvss2":{"base_score":7.1,"vector":{"access_complexity":"MEDIUM","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"NONE","integrity_impact":"NONE"}}},"cwe_reference":"CWE-16","enumeration":"CVE","package":{"architecture":"","condition":"Package default status","name":"bsd_os","source":"","version":"1.1"},"published":"2008-10-20T17:59:26Z","rationale":"The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.","reference":"http://blog.robertlee.name/2008/10/conjecture-speculation.html, http://insecure.org/stf/tcp-dos-attack-explained.html, http://lists.immunitysec.com/pipermail/dailydave/2008-October/005360.html, http://searchsecurity.techtarget.com.au/articles/27154-TCP-is-fundamentally-borked, http://www.cisco.com/en/US/products/products_security_advisory09186a0080af511d.shtml, http://www.cisco.com/en/US/products/products_security_response09186a0080a15120.html, http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf, http://www.mandriva.com/security/advisories?name=MDVSA-2013:150, http://www.outpost24.com/news/news-2008-10-02.html, https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6340, https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html, https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048, http://marc.info/?l=bugtraq&m=125856010926699&w=2, http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html, http://www.us-cert.gov/cas/techalerts/TA09-251A.html","severity":"High","status":"Active","title":"CVE-2008-4609 affects bsd_os","type":"Packages","updated":"2022-12-14T16:40:36Z"}}
2024 Apr 25 14:53:08 (1-eNI6WMUQvSpyk3t0-ubuntu18.04) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-1999-0078","cvss":{"cvss2":{"base_score":1.9,"vector":{"access_complexity":"MEDIUM","authentication":"NONE","availability":"NONE","confidentiality_impact":"PARTIAL","integrity_impact":"NONE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package default status","name":"bsd_os","source":"","version":"1.1"},"published":"1996-04-18T04:00:00Z","rationale":"pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.","reference":"https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0078","severity":"Low","status":"Active","title":"CVE-1999-0078 affects bsd_os","type":"Packages","updated":"2022-08-17T07:15:10Z"}}
2024 Apr 25 14:53:08 (1-eNI6WMUQvSpyk3t0-ubuntu18.04) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-1999-0022","cvss":{"cvss2":{"base_score":7.2,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package equal to 1.1","name":"bsd_os","source":"","version":"1.1"},"published":"1996-07-03T04:00:00Z","rationale":"Local user gains root privileges via buffer overflow in rdist, via expstr() function.","reference":"http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/179","severity":"High","status":"Active","title":"CVE-1999-0022 affects bsd_os","type":"Packages","updated":"2018-10-30T16:26:22Z"}}
2024 Apr 25 14:53:08 (1-eNI6WMUQvSpyk3t0-ubuntu18.04) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-1999-0002","cvss":{"cvss2":{"base_score":10.0,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"COMPLETE","confidentiality_impact":"COMPLETE","integrity_impact":"COMPLETE"}}},"cwe_reference":"CWE-119","enumeration":"CVE","package":{"architecture":"","condition":"Package equal to 1.1","name":"bsd_os","source":"","version":"1.1"},"published":"1998-10-12T04:00:00Z","rationale":"Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.","reference":"http://www.securityfocus.com/bid/121, ftp://patches.sgi.com/support/free/security/advisories/19981006-01-I, http://www.ciac.org/ciac/bulletins/j-006.shtml","severity":"High","status":"Active","title":"CVE-1999-0002 affects bsd_os","type":"Packages","updated":"2009-01-26T05:00:00Z"}}
2024 Apr 25 14:53:08 (1-eNI6WMUQvSpyk3t0-ubuntu18.04) any->vulnerability-detector {"vulnerability":{"assigner":"mitre","cve":"CVE-1999-0305","cvss":{"cvss2":{"base_score":5.0,"vector":{"access_complexity":"LOW","authentication":"NONE","availability":"NONE","confidentiality_impact":"PARTIAL","integrity_impact":"NONE"}}},"cwe_reference":"","enumeration":"CVE","package":{"architecture":"","condition":"Package default status","name":"bsd_os","source":"","version":"1.1"},"published":"1998-02-01T05:00:00Z","rationale":"The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections.","reference":"http://www.openbsd.org/advisories/sourceroute.txt, http://www.osvdb.org/11502, https://exchange.xforce.ibmcloud.com/vulnerabilities/736","severity":"Medium","status":"Active","title":"CVE-1999-0305 affects bsd_os","type":"Packages","updated":"2018-05-03T01:29:02Z"}}
DB Info
root@ubuntu2204:/var/ossec/queue/db# sqlite3 002.db 
SQLite version 3.37.2 2022-01-06 13:25:41
Enter ".help" for usage hints.
sqlite> SELECT * FROM sys_osinfo;
0|2023/12/2011:24:58|1-TDbk91qElf4icYwA-ubuntu18.04|x86_64|Ubuntu|20.04.6LTS(FocalFossa)|focal|20|04|6|4.18.0-305.12.1.el8_4.x86_64|ubuntu|Linux|6.2.6-76060206-generic|#202303130630~1689015125~22.04~ab2190eSMPPREEMPT_DYNAMIC|sp1|1634140017886803554||
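
One way to check a run like the one above, as an added example (not part of the PR or the project's code): the script pairs each `dbsync_packages` event in the simulator's debug output with the `vulnerability-detector` entries in `archives.log` and lists packages that were sent but produced no alert. The sample lines, `example-pkg` and `agent-001` are constructed placeholders, and the function names are hypothetical.

```python
import json
import re
from collections import defaultdict

SENT_RE = re.compile(r"Vulnerability Event - \w+:syscollector:(\{.*)$")
ALERT_RE = re.compile(r"\([^)]+\) \S+->vulnerability-detector (\{.*)$")

def _load(text):
    """Parse a JSON payload; return None for a wrapped or truncated line."""
    try:
        return json.loads(text)
    except json.JSONDecodeError:
        return None

def sent_packages(lines):
    """(name, version) of each INSERTED dbsync_packages event the simulator sent."""
    sent = set()
    for line in lines:
        m = SENT_RE.search(line)
        ev = _load(m.group(1)) if m else None
        if ev and ev.get("type") == "dbsync_packages" and ev.get("operation") == "INSERTED":
            data = ev.get("data", {})
            sent.add((data.get("name", ""), data.get("version", "")))
    return sent

def alerts_by_package(lines):
    """Map (name, version) to its CVE ids; also count alert lines that did not parse."""
    alerts, unparsed = defaultdict(set), 0
    for line in lines:
        m = ALERT_RE.search(line)
        doc = _load(m.group(1)) if m else None
        if m and doc is None:
            unparsed += 1
        elif doc:
            vuln = doc.get("vulnerability", {})
            pkg = vuln.get("package", {})
            alerts[(pkg.get("name", ""), pkg.get("version", ""))].add(vuln.get("cve", ""))
    return dict(alerts), unparsed

def coverage(sim_lines, archive_lines):
    """Compare what the simulator sent with what the manager alerted on."""
    sent, (alerts, unparsed) = sent_packages(sim_lines), alerts_by_package(archive_lines)
    return {"matched": {p: sorted(alerts[p]) for p in sent & set(alerts)},
            "no_alert": sorted(sent - set(alerts)),
            "not_sent": sorted(set(alerts) - sent),
            "unparsed_alert_lines": unparsed}

# Constructed, trimmed sample lines; "example-pkg" and "agent-001" are placeholders.
_EV = 'DEBUG:root:Vulnerability Event - d:syscollector:{"type": "dbsync_packages", "data": %s, "operation": "INSERTED"}'
_AL = '2024 Apr 25 14:53:08 (agent-001) any->vulnerability-detector {"vulnerability":%s'
SIM = [_EV % '{"name":"bsd_os","version":"1.1"}', _EV % '{"name":"example-pkg","version":"0.0.1"}']
ARCHIVE = [_AL % '{"cve":"CVE-1999-0165","package":{"name":"bsd_os","version":"1.1"}}}',
           _AL % '{"cve":"CVE-1999-0046","package":{"name":"bsd_os","version":"1.1"}}}',
           _AL % '{"cve":"CVE-2008-4609","title":"CVE-2008-4609 ']  # wrapped: JSON cut short
```

Call `coverage(SIM, ARCHIVE)` with the two log files' lines in place of the samples. A package listed under `no_alert` may simply have no matching CVE, or the scan may not have finished when the log was read, so treat it as a prompt to look further rather than as proof of a discarded event.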

@rafabailon
Member Author

Update

After several tests, I have been able to verify that the errors I detect when using the simulator are caused by the simulation time. The default value of -t is 60. If we modify this value, depending on the number of agents, some agents may fail. I have tried different combinations of -n and -t. With a -t of between 40 and 60 seconds, I have found no problems.

@Rebits
Member

Rebits commented Apr 29, 2024

Currently testing in a real environment

Member

@Rebits Rebits left a comment

Great job! Minor changes are required

@@ -115,15 +115,16 @@ class Agent:
registration_address (str): Manager registration IP address.
Member

Include new parameters in the docstring

Member Author

Added in e1452af

Args:
agent_name (str): Name of the agent.
batch_size (int): Number of messages of the same type
mq (str): By default 'd'
tag (str): By default ''syscollector
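
Review bot: the `mq` and `tag` entries in this Args block state only their defaults and not what the parameters are. They appear to be the two parts of the `d:syscollector:` prefix on every event in the simulator's debug output, so the docstring should say so, for example "Message queue identifier prefixed to each event" and "Module tag prefixed to each event". `batch_size` gives no default at all, and the entry would be clearer with one.
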
Member

Suggested change
tag (str): By default ''syscollector
tag (str): By default 'syscollector'

Member Author

Fixed in e1452af

Args:
agent_name (str): Name of the agent.
old_format (bool): Enable prior 4.2 agents syscollector format.
events_size (int): Number of messages of the same type.
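
Review bot: `events_size` in this Args block and `batch_size` in the other Args block of this change carry the same description, "Number of messages of the same type", under two different names. Use one name across both generators, or state in the docstrings how the two differ. In the `old_format` entry, "prior 4.2 agents" reads more clearly as "agents prior to 4.2".
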
Member

This is not required for Vulnerability Detection alerts. For now, we only support package vulnerabilities, not OS vulnerabilities. So, we should remove this option.

Member Author

Changed in e1452af and a24859a

Member

@Rebits Rebits left a comment

I also suggest changing the default syscollector event type from packages to all the types ("packages", "processes", "ports", etc.), because the Syscollector generator is no longer planned for the generation of the vulnerabilities.

@rafabailon
Member Author

Update

I have made the suggested changes. I have also fixed some errors in the code comments to avoid confusion. I have repeated all the tests to make sure it is still working correctly.

Member

@Rebits Rebits left a comment

LGTM

@juliamagan juliamagan merged commit c4a6fbe into 4.8.0 May 2, 2024
2 checks passed
@juliamagan juliamagan deleted the enhancement/5222-add-generator-vulnerability-events branch May 2, 2024 15:12
Successfully merging this pull request may close these issues.

Vulnerability Detector Discards Events