As I see it, you either trust your distro, or you pay one of the vulnerability
scanner companies to track such things (and deal with the errors that happen
anyway).
And then you keep an ear out for critical things that haven't made it to the
updates yet anyway.
David Lang
On Tue, 18 Aug 2015, Paul DiSciascio wrote:
Date: Tue, 18 Aug 2015 07:38:57 -0400
From: Paul DiSciascio <the...@bytemonkey.net>
To: tech@lists.lopsa.org
Subject: Re: [lopsa-tech] getting a list of critical vulnerabilities from the
NVD at NIST
On a related note, I'd be curious to know how you plan to map what's in
this database to package versions on the systems you're auditing. I
tried to tackle this years ago and determined that there would be too
much manual effort to keep that sort of mapping up to date.
For example, some vulnerability in package-2.3.1 that gets fixed in
package-2.3.2 upstream might be patched in package-2.3.1-a as provided
by RedHat, and NIST's data will indicate that 2.3.1 is vulnerable.
Does anyone know if there is another data source available to help with
this correlation?
Thanks,
Paul
On 8/17/15 11:29 PM, Aleksey Tsalolikhin wrote:
Thanks for your kind replies. Once I got home and put the kidlet to bed
and my life became nice and quiet and calm, I actually had no trouble
getting 2csv to work:
2csv entry vuln:cve-id vuln:cvss/cvss:base_metrics/cvss:score vuln:summary < nvdcve-2.0-2015.flat > nvdcve-2.0-2015.csv
Thanks for the pointers to csvkit though and the PowerShell script! =)
On Mon, Aug 17, 2015 at 7:47 PM, Rickard, Josh A. <ricka...@missouri.edu> wrote:
If you’re interested in using PowerShell you could do the following:

# Download the feed and parse the response body as XML
[xml]$vulninfo = (Invoke-WebRequest -Uri "http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-recent.xml").Content

$entry = $vulninfo.nvd.entry

$temphostobject = @()
$vulnhostobject = @()

# loop through each entry node
ForEach ($cves in $entry) {

    # cast the score to a number so the comparison is numeric, not string-based
    IF ([double]$cves.cvss.'base_metrics'.score -gt 7) {
        $objectproperties = @{cve     = $($cves.'cve-id');
                              cvss    = $($cves.cvss.'base_metrics'.score);
                              summary = $($cves.summary)
        }

        $temphostobject = New-Object PSObject -Property $objectproperties
        $vulnhostobject += $temphostobject
    }
}

$vulnhostobject | ft

I could add some features and make it an advanced function, but this
should give you an object that you can return and add to another
function or do other fun stuff with.

Let me know if you need any other help.

Thanks,

Josh Rickard
Security Analyst
Information Security and Access Management
Division of Information Technology
University of Missouri
(573) 884-6280 | ricka...@missouri.edu
ACA | GCWN | GCFA

From: tech-boun...@lists.lopsa.org [mailto:tech-boun...@lists.lopsa.org] On Behalf Of Aleksey Tsalolikhin
Sent: Monday, August 17, 2015 8:57 PM
To: t...@lopsa.org
Subject: [lopsa-tech] getting a list of critical vulnerabilities from the NVD at NIST

Hello,

I want to get a list of Critical (CVSS > 7) CVEs for a security
vulnerability assessment for a client.

Scored CVEs are available from https://nvd.nist.gov/download.cfm
through a set of XML feeds. The nice NIST web site says:

A common way to use the feeds is to perform a one-time import of all
of the main XML vulnerability feeds and then use the "modified"
feeds to keep up-to-date.

I thought I'd start out by figuring out how to convert the 2015 XML
to CSV. I got halfway there:

$ xml2 < nvdcve-2.0-2015.xml > nvdcve-2.0-2015.flat
$ 2csv < nvdcve-2.0-2015.flat > nvdcve-2.0-2015.csv
usage: 2csv record field [field ...] < in > csv
$

There is no documentation for 2csv that I could find... I'm now
banging my head against it, trial and error...

I might end up just grepping the data I need out of the flat file.
All I'm looking for is CVE ID, Summary and CVSS score. Has anybody
been down this path already?

--
Need CFEngine training? Email train...@verticalsysadmin.com
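
Added example, not part of the original thread: the "grep it out of the flat file" route from the message above, done with awk over xml2's flat output. It assumes xml2 writes one path=value line per node with a bare /nvd/entry line between entries; the function names and the CVE-0000-... entries are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the flat "path=value" form (not real NVD data).
sample_flat() {
    cat <<'EOF'
/nvd/entry/@id=CVE-0000-0001
/nvd/entry/vuln:cve-id=CVE-0000-0001
/nvd/entry/vuln:cvss/cvss:base_metrics/cvss:score=10.0
/nvd/entry/vuln:summary=Constructed: overflow when "x=1", remote
/nvd/entry
/nvd/entry/@id=CVE-0000-0002
/nvd/entry/vuln:cve-id=CVE-0000-0002
/nvd/entry/vuln:cvss/cvss:base_metrics/cvss:score=4.3
/nvd/entry/vuln:summary=Constructed: low-score entry
/nvd/entry
/nvd/entry/@id=CVE-0000-0003
/nvd/entry/vuln:cve-id=CVE-0000-0003
/nvd/entry/vuln:summary=Constructed: entry with no score yet
EOF
}

# Read flat lines on stdin; print CSV rows for entries scoring above $1 (default 7).
# Assumption: a bare "/nvd/entry" line separates consecutive entries.
high_cves() {
    awk -v min="${1:-7}" '
    function csvq(s) { gsub(/"/, "\"\"", s); return "\"" s "\"" }
    function emit() {
        # Entries without a cvss:score line (not yet scored) are skipped.
        # "+ 0" forces a numeric compare, so 10.0 ranks above 7.
        if (id != "" && score != "" && score + 0 > min + 0)
            print id "," score "," csvq(summary)
        id = score = summary = ""
    }
    BEGIN { print "cve_id,cvss_score,summary" }
    $0 == "/nvd/entry" { emit(); next }
    {
        eq = index($0, "=")     # split on the first "=" only
        if (eq == 0) next
        path = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        if (path == "/nvd/entry/vuln:cve-id") id = val
        else if (path == "/nvd/entry/vuln:cvss/cvss:base_metrics/cvss:score") score = val
        else if (path == "/nvd/entry/vuln:summary") summary = val
    }
    END { emit() }'
}

sample_flat | high_cves 7
```

On a real feed the call would be `xml2 < nvdcve-2.0-2015.xml | high_cves 7 > nvdcve-2.0-2015.csv`; the summary column is quoted because NVD summaries routinely contain commas.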
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/