Blade ZipKit - OpenSSL Vulnerability Compliance (CVE-2015-1793)
Blade ZipKit Package Info
Name: OpenSSL Vulnerability Compliance (CVE-2015-1793)
Type: Component Template + Jobs
BSA Job Compatible Version: 8.5.x
Created by: Richard McLeod
Tested version on: 8.5.01.260
Tested against host running: Red Hat
This compliance check looks for vulnerable versions of OpenSSL by using a local extended object within a component template. It should be considered an expansion on the posting from (Robert Stinnett - OpenSSL CVE-2015-1793 Forgery Check). The vulnerability affects these OpenSSL versions: 1.0.1n, 1.0.1o, 1.0.2b, 1.0.2c. The compliance rule checks that the data returned by the extended object does not contain any of these version numbers, and marks the components/servers that pass as compliant.
OpenSSL Advisory: https://www.openssl.org/news/secadv_20150709.txt
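The version check described above, sketched as a standalone shell script (an added example, not the contents of the attached component template or its extended object). It assumes the extended object returns the banner printed by `openssl version`; the function name and the sample banners are constructed for illustration, and it compares the exact version token where the rule uses a "does not contain" test.

```shell
#!/bin/sh
# Affected releases named on this page for CVE-2015-1793.
AFFECTED="1.0.1n 1.0.1o 1.0.2b 1.0.2c"

# classify_openssl_version "<banner>"  (hypothetical helper)
# Prints non-compliant, compliant or unknown for one `openssl version` banner.
classify_openssl_version() {
    banner=$1
    # Expect "OpenSSL <version> <date>". An empty or unexpected banner is
    # reported as unknown instead of being treated as compliant.
    case $banner in
        "OpenSSL "*) ;;
        *) echo unknown; return 0 ;;
    esac
    ver=${banner#OpenSSL }   # drop the product name
    ver=${ver%% *}           # keep only the version token
    ver=${ver%%-*}           # drop build suffixes such as "-fips"
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    for bad in $AFFECTED; do
        if [ "$ver" = "$bad" ]; then
            echo non-compliant
            return 0
        fi
    done
    echo compliant
}

# Constructed sample banners, one per line (the empty line stands for a host
# where the command returned nothing).
while IFS= read -r line; do
    printf '%-34s %s\n' "[$line]" "$(classify_openssl_version "$line")"
done <<'EOF'
OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL 1.0.1o 12 Jun 2015
OpenSSL 1.0.2c 12 Jun 2015
OpenSSL 1.0.2d 9 Jul 2015

EOF

# Pass --local to classify the openssl binary on this host's PATH.
if [ "${1:-}" = "--local" ]; then
    classify_openssl_version "$(openssl version 2>/dev/null)"
fi
```

The banner only describes the `openssl` binary found on the PATH, so any other copies of the library on a host are outside what this check sees.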
I've attached two zip files:
1. openssl-CVE-2015-1793-component_template_only.zip - A version-neutral export of the component template.
-- To install: navigate to the Component Templates space, right-click a destination folder and choose Import, then step through the dialogs.
2. openssl-CVE-2015-1793-dc-8.5.01.260_jobs_and_template - Discovery and Compliance Jobs plus the component template; importable only to BSA 8.5.01.260.
-- To install: extract the zip to a folder you can access via the BSA console, navigate to the Jobs space, right-click a destination folder and choose Import. Step through the dialogs, then simply run the batch job (openssl-CVE-2015-1793-dc) against Linux targets.