[ubuntu-hardened] OVAL shows vulnerabilities when software is not installed
Jesus Linares
jesus at wazuh.com
Tue Jul 4 17:50:57 UTC 2017
Hi,
I'm testing again the oval files for Xenial 16.04 (updated) and OpenSCAP
reports 1750 *fails*... Something weird is happening. I will check out this
issue again, but I would appreciate any help.
Here an example:
> <linux-def:dpkginfo_test id="oval:com.ubuntu.xenial:tst:20176919000"
> version="1" check_existence="any_exist" check="all" comment="*Returns
> true whether or not the 'drupal7' package exists.*">
> <linux-def:object object_ref="oval:com.ubuntu.xenial:obj:20076752000"/>
> </linux-def:dpkginfo_test>
> <linux-def:dpkginfo_object id="oval:com.ubuntu.xenial:obj:20076752000"
> version="1" comment="The 'drupal7' package.">
> <linux-def:name>drupal7</linux-def:name>
> </linux-def:dpkginfo_object>
If the check return always true, it doesn't make sense...
Thanks.
Regards.
On Wed, Nov 2, 2016 at 11:29 AM, Jesus Linares <jesus at wazuh.com> wrote:
> Hi,
>
> this is from the specific CVE: xenial_libapache-mod-jk: not-affected (1:
> 1.2.40+svn150520-1)
>
> So, if it is not affected for xenial, the check should include the
> "negate" in order to return that is not a vulnerability, right?.
>
> Regards.
>
>
> On Fri, Oct 28, 2016 at 9:10 PM, Seth Arnold <seth.arnold at canonical.com>
> wrote:
>
>> On Fri, Oct 28, 2016 at 11:19:21AM +0200, Jesus Linares wrote:
>> > I think this test should have the "negate" due to the comment "While
>> > related to the CVE in some way, the 'libapache-mod-jk' package in*
>> xenial
>> > is not affected*". So, maybe the input of the script is wrong?. Where is
>> > the input?.
>>
>> The input is from the ubuntu-cve-tracker bzr tree;
>>
>> https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master
>>
>> In the case of this specific CVE:
>>
>> http://bazaar.launchpad.net/~ubuntu-security/ubuntu-cve-trac
>> ker/master/view/head:/active/CVE-2014-8111
>>
>> Thanks
>>
>> --
>> ubuntu-hardened mailing list
>> ubuntu-hardened at lists.ubuntu.com
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened
>>
>>
>
>
> --
> *Jesus Linares*
> *IT Security Engineer*
>
>
--
*Jesus Linares*
*IT Security Engineer*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20170704/1bf00dd9/attachment.html>
More information about the ubuntu-hardened
mailing list