Once I saw how many critical vulnerabilities there were, I told my client fuggetaboutit, there's too much to track, instead let's work out how to keep your systems up to date on OS vendor patches.

On Tue, Aug 18, 2015 at 4:38 AM, Paul DiSciascio <the...@bytemonkey.net> wrote:

> On a related note, I'd be curious to know how you plan to map what's in
> this database to package versions on the systems you're auditing. I
> tried to tackle this years ago and determined that there would be too
> much manual effort to keep that sort of mapping up to date.
>
> For example, some vulnerability in package-2.3.1 that gets fixed in
> package-2.3.2 upstream might be patched in package-2.3.1-a as provided
> by RedHat, and NIST's data will indicate that 2.3.1 is vulnerable.
>
> Does anyone know if there is another data source available to help with
> this correlation?
>
> Thanks,
> Paul
>
> On 8/17/15 11:29 PM, Aleksey Tsalolikhin wrote:
> > Thanks for your kind replies. Once I got home and put the kidlet to bed
> > and my life became nice and quiet and calm, I actually had no trouble
> > getting 2csv to work:
> >
> > 2csv entry vuln:cve-id vuln:cvss/cvss:base_metrics/cvss:score vuln:summary < nvdcve-2.0-2015.flat > nvdcve-2.0-2015.csv
> >
> > Thanks for the pointers to csvkit though and the PowerShell script! =)
> >
> > On Mon, Aug 17, 2015 at 7:47 PM, Rickard, Josh A. <ricka...@missouri.edu> wrote:
> > > If you’re interested in using PowerShell you could do the following:
> > >
> > > # fetch the feed and parse the response body as XML
> > > [xml]$vulninfo = (Invoke-WebRequest -Uri "http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-recent.xml").Content
> > >
> > > $entry = $vulninfo.nvd.entry
> > >
> > > $temphostobject = @()
> > > $vulnhostobject = @()
> > >
> > > # loop through each entry node
> > > ForEach ($cves in $entry) {
> > >
> > >     # cast to a number: as a string, "10.0" would compare below "7"
> > >     IF ([double]$cves.cvss.'base_metrics'.score -gt 7) {
> > >         $objectproperties = @{cve=$($cves.'cve-id');
> > >                               cvss=$($cves.cvss.'base_metrics'.score);
> > >                               summary=$($cves.summary)
> > >                              }
> > >
> > >         $temphostobject = New-Object PSObject -Property $objectproperties
> > >         $vulnhostobject += $temphostobject
> > >     }
> > > }
> > >
> > > $vulnhostobject | ft
> > >
> > > I could add some features and make it an advanced function, but this
> > > should give you an object that you can return and add to another
> > > function or do other fun stuff with.
> > >
> > > Let me know if you need any other help.
> > >
> > > Thanks,
> > >
> > > Josh Rickard
> > > Security Analyst
> > > Information Security and Access Management
> > > Division of Information Technology
> > > University of Missouri
> > > (573) 884-6280 | ricka...@missouri.edu
> > > ACA | GCWN | GCFA
> > >
> > > From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org] On Behalf Of Aleksey Tsalolikhin
> > > Sent: Monday, August 17, 2015 8:57 PM
> > > To: t...@lopsa.org
> > > Subject: [lopsa-tech] getting a list of critical vulnerabilities from the NVD at NIST
> > >
> > > Hello,
> > >
> > > I want to get a list of Critical (CVSS > 7) CVEs for a security
> > > vulnerability assessment for a client.
> > >
> > > Scored CVEs are available from https://nvd.nist.gov/download.cfm
> > > through a set of XML feeds. The nice NIST web site says:
> > >
> > >     A common way to use the feeds is to perform a one-time import of all
> > >     of the main XML vulnerability feeds and then use the "modified"
> > >     feeds to keep up-to-date.
> > >
> > > I thought I'd start out by figuring out how to convert the 2015 XML
> > > to CSV. I got halfway there:
> > >
> > > $ xml2 < nvdcve-2.0-2015.xml > nvdcve-2.0-2015.flat
> > > $ 2csv < nvdcve-2.0-2015.flat > nvdcve-2.0-2015.csv
> > > usage: 2csv record field [field ...] < in > csv
> > > $
> > >
> > > There is no documentation for 2csv that I could find... I'm now
> > > banging my head against it, trial and error...
> > >
> > > I might end up just grepping the data I need out of the flat file.
> > > All I'm looking for is CVE ID, Summary and CVSS score. Has anybody
> > > been down this path already?

--
Need CFEngine training? Email train...@verticalsysadmin.com
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
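
Added example, not part of the thread: a Python equivalent of the extraction discussed above (CVE ID, CVSS score and summary for entries scoring above 7), streaming the feed, comparing scores as numbers and skipping entries that have no score yet. The namespace URIs are assumed from the legacy NVD 2.0 feed schema, the sample feed and its CVE IDs are constructed placeholders, and `entry`, `critical_rows` and `to_csv` are hypothetical names.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Namespace URIs of the legacy NVD CVE 2.0 XML feed. Assumption: the thread
# shows only the vuln: and cvss: prefixes, not the URIs they are bound to.
NS = {
    "feed": "http://scap.nist.gov/schema/feed/vulnerability/2.0",
    "vuln": "http://scap.nist.gov/schema/vulnerability/0.4",
    "cvss": "http://scap.nist.gov/schema/cvss-v2/0.2",
}
SCORE_PATH = "vuln:cvss/cvss:base_metrics/cvss:score"  # same path as the 2csv call

def entry(cve, score, summary):
    """Build one constructed <entry>; score=None models an unscored CVE."""
    cvss = ("" if score is None else "<vuln:cvss><cvss:base_metrics><cvss:score>"
            f"{score}</cvss:score></cvss:base_metrics></vuln:cvss>")
    return (f'<entry id="{cve}"><vuln:cve-id>{cve}</vuln:cve-id>{cvss}'
            f"<vuln:summary>{summary}</vuln:summary></entry>")

# Constructed sample feed with placeholder IDs, not real NVD data.
SAMPLE = ('<nvd xmlns="%(feed)s" xmlns:vuln="%(vuln)s" xmlns:cvss="%(cvss)s">' % NS
          + entry("CVE-0000-0001", "10.0", "Constructed: overflow, remote")
          + entry("CVE-0000-0002", "7.5", "Constructed: SQL injection")
          + entry("CVE-0000-0003", "7.0", "Constructed: boundary case")
          + entry("CVE-0000-0004", None, "Constructed: not yet scored")
          + "</nvd>").encode()

def critical_rows(stream, threshold=7.0):
    """Stream the feed and yield (cve, score, summary) where score > threshold."""
    for _, elem in ET.iterparse(stream, events=("end",)):
        if elem.tag != "{%s}entry" % NS["feed"]:
            continue
        text = elem.findtext(SCORE_PATH, namespaces=NS)
        if text is not None and float(text) > threshold:  # numeric, so 10.0 > 7
            summary = elem.findtext("vuln:summary", default="", namespaces=NS)
            yield elem.findtext("vuln:cve-id", namespaces=NS), float(text), summary
        elem.clear()  # drop the entry's children once it has been processed

def to_csv(rows):
    """Render rows as CSV text; csv.writer quotes commas in summaries."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["cve", "cvss", "summary"])
    writer.writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(critical_rows(io.BytesIO(SAMPLE))), end="")
```

To run it against a downloaded feed, pass an open binary file handle to `critical_rows` in place of the sample.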