Blade ZipKit - OpenSSL Vulnerability Compliance (CVE-2015-1793)


    Blade ZipKit Package Info

    Name: OpenSSL Vulnerability Compliance (CVE-2015-1793)

    Type: Component Template + Jobs

    BSA Job Compatible Version: 8.5.x

    Version: 1.0

    Created by: Richard McLeod

    Tested version on: 8.5.01.260

    Tested against host running: Red Hat

     

    This compliance check looks for vulnerable versions of OpenSSL by using a local extended object within a component template. It should be considered an expansion on the posting from Robert Stinnett (OpenSSL CVE-2015-1793 Forgery Check). The vulnerability affects the following OpenSSL versions: 1.0.1n, 1.0.1o, 1.0.2b, 1.0.2c. The compliance rule checks that the data returned by the extended object does not contain any of these version numbers, and marks those components/servers compliant.
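
The comparison described above, as an added example that is not part of the ZipKit or the original post: it assumes the extended object returns the output of `openssl version`, matches the version token exactly rather than by substring, and reports missing or unparseable output separately instead of treating it as a pass. The helper name `classify_openssl_version` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the ZipKit. Assumes the extended object
# returns the output of `openssl version`.

# Affected upstream releases, as listed on this page.
AFFECTED_VERSIONS="1.0.1n 1.0.1o 1.0.2b 1.0.2c"

# classify_openssl_version "<openssl version output>"  (hypothetical helper)
# Prints VULNERABLE, NOT_AFFECTED, or UNKNOWN.
classify_openssl_version() {
    # Expected shape: "OpenSSL <version>[-suffix] <build date>"
    read -r name ver rest <<EOF
$1
EOF
    if [ "$name" != "OpenSSL" ] || [ -z "$ver" ]; then
        echo UNKNOWN        # empty output, error text, or another tool
        return 0
    fi
    ver=${ver%%-*}          # drop build suffixes such as "-fips"
    for bad in $AFFECTED_VERSIONS; do
        if [ "$ver" = "$bad" ]; then
            echo VULNERABLE
            return 0
        fi
    done
    echo NOT_AFFECTED
}

# Constructed sample outputs, one per line.
while IFS= read -r sample; do
    printf '%-36s %s\n' "$sample" "$(classify_openssl_version "$sample")"
done <<'EOF'
OpenSSL 1.0.1n 11 Jun 2015
OpenSSL 1.0.2c-fips 12 Jun 2015
OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL 1.0.2d 9 Jul 2015
bash: openssl: command not found
EOF
```

On a target, the same function can be fed live data with `classify_openssl_version "$(openssl version 2>/dev/null)"`.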

     

    OpenSSL Advisory: https://www.openssl.org/news/secadv_20150709.txt

     

    I've attached two zip files:

    1. openssl-CVE-2015-1793-component_template_only.zip - A version neutral export of the component template

    --To install, navigate to the component templates space, right-click a destination folder and choose Import. Step through the dialogs.

     

    2. openssl-CVE-2015-1793-dc-8.5.01.260_jobs_and_template - Discovery and Compliance Jobs plus the component template, importable only to BSA 8.5.01.260.

    --To install, extract the zip to a folder you can access via the BSA console, navigate to the jobs space, right-click a destination folder and choose Import. Step through the dialogs, then run the batch job (openssl-CVE-2015-1793-dc) against Linux targets.