From 0eef7551303e3fc855809d84eed8421d2a075cfa Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Thu, 26 Nov 2015 21:52:25 +0100 Subject: Add (guix cve). * guix/cve.scm, tests/cve-sample.xml, tests/cve.scm: New files. * Makefile.am (MODULES): Add guix/cve.scm. (SCM_TESTS): Add tests/cve.scm. (EXTRA_DIST): Add tests/cve-sample.scm. --- tests/cve-sample.xml | 616 +++++++++++++++++++++++++++++++++++++++++++++++++++ tests/cve.scm | 69 ++++++ 2 files changed, 685 insertions(+) create mode 100644 tests/cve-sample.xml create mode 100644 tests/cve.scm (limited to 'tests') diff --git a/tests/cve-sample.xml b/tests/cve-sample.xml new file mode 100644 index 0000000000..ce158490f1 --- /dev/null +++ b/tests/cve-sample.xml @@ -0,0 +1,616 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + cpe:/o:microsoft:windows_2000::sp2:professional + cpe:/o:linux:linux_kernel:2.4.4 + cpe:/o:microsoft:windows_2000_terminal_services::sp1 + cpe:/o:microsoft:windows_2000::sp1:advanced_server + cpe:/o:linux:linux_kernel:2.4.19 + cpe:/o:microsoft:windows_2000::sp2:advanced_server + cpe:/o:microsoft:windows_2000_terminal_services + cpe:/o:microsoft:windows_2000:::advanced_server + cpe:/o:linux:linux_kernel:2.4.20 + cpe:/o:netbsd:netbsd:1.5.1 + cpe:/o:microsoft:windows_2000_terminal_services::sp2 + cpe:/o:netbsd:netbsd:1.5.3 + cpe:/o:netbsd:netbsd:1.5.2 + cpe:/o:linux:linux_kernel:2.4.6 + cpe:/o:linux:linux_kernel:2.4.9 + cpe:/o:microsoft:windows_2000:::datacenter_server + cpe:/o:netbsd:netbsd:1.6 + cpe:/o:netbsd:netbsd:1.5 + cpe:/o:linux:linux_kernel:2.4.7 + cpe:/o:linux:linux_kernel:2.4.8 + cpe:/o:microsoft:windows_2000::sp1:datacenter_server + cpe:/o:microsoft:windows_2000::sp2:datacenter_server + cpe:/o:freebsd:freebsd:4.3 + cpe:/o:linux:linux_kernel:2.4.10 + cpe:/o:microsoft:windows_2000::sp1:server + cpe:/o:freebsd:freebsd:4.5 + cpe:/o:linux:linux_kernel:2.4.12 + cpe:/o:freebsd:freebsd:4.2 + cpe:/o:freebsd:freebsd:4.7 + cpe:/o:freebsd:freebsd:4.4 + cpe:/o:freebsd:freebsd:4.6 + cpe:/o:microsoft:windows_2000::sp2:server + cpe:/o:linux:linux_kernel:2.4.18 + cpe:/o:linux:linux_kernel:2.4.1 + cpe:/o:linux:linux_kernel:2.4.15 + cpe:/o:microsoft:windows_2000:::server + cpe:/o:linux:linux_kernel:2.4.17 + cpe:/o:linux:linux_kernel:2.4.14 + cpe:/o:linux:linux_kernel:2.4.2 + cpe:/o:microsoft:windows_2000:::professional + cpe:/o:linux:linux_kernel:2.4.11 + cpe:/o:linux:linux_kernel:2.4.5 + cpe:/o:linux:linux_kernel:2.4.16 + cpe:/o:microsoft:windows_2000::sp1:professional + cpe:/o:linux:linux_kernel:2.4.13 + cpe:/o:linux:linux_kernel:2.4.3 + + CVE-2003-0001 + 2003-01-17T00:00:00.000-05:00 + 2015-11-24T13:05:47.073-05:00 + + + 5.0 + NETWORK + LOW + NONE + PARTIAL + NONE + NONE + http://nvd.nist.gov + 2015-11-24T12:23:33.593-05:00 + + + + + + CERT-VN + VU#412115 + + + BUGTRAQ + 20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE + + + BUGTRAQ + 20030117 Re: More information regarding Etherleak + + + BUGTRAQ + 20030106 Etherleak: Ethernet frame padding information leakage (A010603-1) + + + REDHAT + RHSA-2003:088 + + + REDHAT + RHSA-2003:025 + + + OSVDB + 9962 + + + CONFIRM + http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html + + + MISC + http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf + + + ATSTAKE + A010603-1 + + + FULLDISC + 20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE + + + MISC + http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html + + + BUGTRAQ + 20030110 More information regarding Etherleak + + + VULNWATCH + 20030110 More information regarding Etherleak + + + + + Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. + + + + + + + + + cpe:/a:tcp:tcp + + CVE-2004-0230 + 2004-08-18T00:00:00.000-04:00 + 2015-11-24T13:06:40.597-05:00 + + + 5.0 + NETWORK + LOW + NONE + NONE + NONE + PARTIAL + http://nvd.nist.gov + 2015-11-24T12:17:30.930-05:00 + + + + + + + + + CERT + TA04-111A + + + CERT-VN + VU#415294 + + + CONFIRM + https://kc.mcafee.com/corporate/index?page=content&id=SB10053 + + + XF + tcp-rst-dos(15886) + + + VUPEN + ADV-2006-3983 + + + MISC + http://www.uniras.gov.uk/vuls/2004/236929/index.htm + + + BID + 10183 + + + BUGTRAQ + 20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE + + + HP + SSRT061264 + + + OSVDB + 4030 + + + CONFIRM + http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html + + + MS + MS06-064 + + + MS + MS05-019 + + + CISCO + 20040420 TCP Vulnerabilities in Multiple IOS-Based Cisco Products + + + FULLDISC + 20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE + + + MISC + http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html + + + HP + SSRT4696 + + + BUGTRAQ + 20040425 Perl code exploting TCP not checking RST ACK. + + + CONFIRM + http://kb.juniper.net/JSA10638 + + + SGI + 20040403-01-A + + + SCO + SCOSA-2005.14 + + + SCO + SCOSA-2005.9 + + + SCO + SCOSA-2005.3 + + + NETBSD + NetBSD-SA2004-006 + + + + + + + + + + + + + + + + + TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP. + + + + + + + + + + cpe:/a:vastal:phpvid:1.1 + cpe:/a:vastal:phpvid:1.2 + + CVE-2008-2335 + 2008-05-19T09:20:00.000-04:00 + 2015-11-24T11:45:25.057-05:00 + + + 4.3 + NETWORK + MEDIUM + NONE + NONE + PARTIAL + NONE + http://nvd.nist.gov + 2015-11-24T10:50:05.737-05:00 + + + + + XF + phpvid-query-xss(42450) + + + VUPEN + ADV-2008-2552 + + + BID + 29238 + + + MILW0RM + 6422 + + + EXPLOIT-DB + 27519 + + + MISC + http://tetraph.com/security/xss-vulnerability/vastal-i-tech-phpvid-1-2-3-multiple-xss-cross-site-scripting-security-vulnerabilities/ + + + FULLDISC + 20150310 Vastal I-tech phpVID 1.2.3 Multiple XSS (Cross-site Scripting) Security Vulnerabilities + + + MISC + http://packetstormsecurity.com/files/130755/Vastal-I-tech-phpVID-1.2.3-Cross-Site-Scripting.html + + + MISC + http://packetstormsecurity.com/files/122746/PHP-VID-XSS-SQL-Injection-CRLF-Injection.html + + + OSVDB + 45171 + + + MISC + http://holisticinfosec.org/content/view/65/45/ + + Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 1.2.3 is also affected. + + + + + + + + + + + + + + cpe:/a:redhat:enterprise_virtualization:3.5 + cpe:/a:jasper_project:jasper:1.900.1 + + CVE-2008-3522 + 2008-10-02T14:18:05.790-04:00 + 2015-11-24T11:46:04.933-05:00 + + + 10.0 + NETWORK + LOW + NONE + COMPLETE + COMPLETE + COMPLETE + http://nvd.nist.gov + 2015-11-24T10:05:46.467-05:00 + + + ALLOWS_ADMIN_ACCESS + + + XF + jasper-jasstreamprintf-bo(45623) + + + UBUNTU + USN-742-1 + + + BID + 31470 + + + MANDRIVA + MDVSA-2009:164 + + + MANDRIVA + MDVSA-2009:144 + + + MANDRIVA + MDVSA-2009:142 + + + GENTOO + GLSA-200812-18 + + + REDHAT + RHSA-2015:0698 + + + MISC + http://bugs.gentoo.org/show_bug.cgi?id=222819 + + + MISC + http://bugs.gentoo.org/attachment.cgi?id=163282&action=view + + Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + cpe:/o:canonical:ubuntu_linux:10.04::~~lts~~~ + cpe:/o:canonical:ubuntu_linux:8.04:-:lts + cpe:/o:canonical:ubuntu_linux:10.10 + cpe:/a:sun:openoffice.org:2.1.0 + cpe:/a:sun:openoffice.org:2.3.0 + cpe:/a:sun:openoffice.org:2.2.1 + + + CVE-2009-3301 + 2010-02-16T14:30:00.533-05:00 + 2015-11-17T10:59:44.723-05:00 + + + 9.3 + NETWORK + MEDIUM + NONE + COMPLETE + COMPLETE + COMPLETE + http://nvd.nist.gov + 2015-11-17T10:02:50.097-05:00 + + + + + + CERT + TA10-287A + + + CONFIRM + https://bugzilla.redhat.com/show_bug.cgi?id=533038 + + + XF + openoffice-word-sprmtdeftable-bo(56240) + + + VUPEN + ADV-2010-2905 + + + VUPEN + ADV-2010-0635 + + + VUPEN + ADV-2010-0366 + + + UBUNTU + USN-903-1 + + + BID + 38218 + + + REDHAT + RHSA-2010:0101 + + + CONFIRM + http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html + + + CONFIRM + http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html + + + CONFIRM + http://www.openoffice.org/security/bulletin.html + + + MANDRIVA + MDVSA-2010:221 + + + GENTOO + GLSA-201408-19 + + + DEBIAN + DSA-1995 + + + SECTRACK + 1023591 + + + SUSE + SUSE-SA:2010:017 + + + + + Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document. + + + CVE-2015-8330 + 2015-11-24T15:59:25.897-05:00 + 2015-11-24T15:59:26.930-05:00 + + MISC + https://www.onapsis.com/blog/analyzing-sap-security-notes-november-2015 + + + MISC + http://erpscan.com/advisories/erpscan-15-032-sap-pco-agent-dos-vulnerability/ + + The PCo agent in SAP Plant Connectivity (PCo) allows remote attackers to cause a denial of service (memory corruption and agent crash) via crafted xMII requests, aka SAP Security Note 2238619. + + diff --git a/tests/cve.scm b/tests/cve.scm new file mode 100644 index 0000000000..26bc560e52 --- /dev/null +++ b/tests/cve.scm @@ -0,0 +1,69 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2015 Ludovic Courtès +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (test-cve) + #:use-module (guix cve) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-64)) + +(define %sample + (search-path %load-path "tests/cve-sample.xml")) + +(define (vulnerability id packages) + (make-struct (@@ (guix cve) ) 0 id packages)) + +(define %expected-vulnerabilities + ;; What we should get when reading %SAMPLE. + (list + ;; CVE-2003-0001 has no "/a" in its product list so it is omitted. + ;; CVE-2004-0230 lists "tcp" as an application, but lacks a version number. + (vulnerability "CVE-2008-2335" '(("phpvid" . "1.1") ("phpvid" . "1.2"))) + (vulnerability "CVE-2008-3522" '(("enterprise_virtualization" . "3.5") + ("jasper" . "1.900.1"))) + (vulnerability "CVE-2009-3301" '(("openoffice.org" . "2.1.0") + ("openoffice.org" . "2.3.0") + ("openoffice.org" . "2.2.1"))) + ;; CVE-2015-8330 has no software list. + )) + + +(test-begin "cve") + +(test-equal "xml->vulnerabilities" + %expected-vulnerabilities + (call-with-input-file %sample xml->vulnerabilities)) + +(test-equal "" + (list `(("1.1" . ,(first %expected-vulnerabilities)) + ("1.2" . ,(first %expected-vulnerabilities))) + '() + '() + (list (second %expected-vulnerabilities)) + (list (third %expected-vulnerabilities))) + (let* ((vulns (call-with-input-file %sample xml->vulnerabilities)) + (lookup (vulnerabilities->lookup-proc vulns))) + (list (lookup "phpvid") + (lookup "jasper" "2.0") + (lookup "foobar") + (lookup "jasper" "1.900.1") + (lookup "openoffice.org" "2.3.0")))) + +(test-end "cve") + + +(exit (= (test-runner-fail-count (test-runner-current)) 0)) -- cgit v1.2.3