search

fedoraredteam / elem

Enterprise Linux Exploit Mapper
GNU General Public License v3.0
28 stars 5 forks source link

`elem host assess` misses CVE-2-14-6271 #80

Closed jason-callaway closed 6 years ago

jason-callaway commented 6 years ago

After applying the Shell Shock vulnerability with the cyber-range-target role, elem assess host misses the open CVE.

[root@cr-target-1 ~]# cat site.yml
---
- hosts: localhost
  connection: local
  become: true
  roles:
    - cyber-range-target
  vars:
    cves_to_test:
    - CVE-2014-6271
[root@cr-target-1 ~]# ansible-playbook site.yml 
 [WARNING]: Could not match supplied host pattern, ignoring: all

 [WARNING]: provided hosts list is empty, only localhost is available

PLAY [localhost] ****************************************************************************************

TASK [Gathering Facts] **********************************************************************************
ok: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Install Yum Security Plugin] ***********************
skipping: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Ensure Custom Facts Directory Exists] **************
ok: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Install Custom Fact Module for CVE's] **************
ok: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Install Custom Fact Module for CPE] ****************
ok: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Install Custom Fact Module for Available Packages] ***
ok: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Obtain CVE Information] ****************************
ok: [localhost] => (item=CVE-2014-6271)

TASK [cyber-range-target : Cyber Test Range Target | Build Package Information] *************************
ok: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:enterprise_linux:5)
ok: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:enterprise_linux:6)
ok: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:enterprise_linux:7)
ok: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_els:4)
ok: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_eus:5.9)
ok: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_eus:6.4)
ok: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_mission_critical:5.6)
ok: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_mission_critical:6.2)
ok: [localhost] => (item=CVE-2014-6271 - cpe:/a:redhat:rhel_sjis:5)
ok: [localhost] => (item=CVE-2014-6271 - cpe:/a:redhat:rhel_sjis:6)
ok: [localhost] => (item=CVE-2014-6271 - cpe:/a:redhat:rhev_manager:3)

TASK [cyber-range-target : Cyber Test Range Target | Set SELinux State] *********************************
ok: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Install Git and Python Virtualenv] *****************
ok: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Install Appropriate Packages Not Kernel] ***********
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:enterprise_linux:5) 
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:enterprise_linux:6) 
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:enterprise_linux:7) 
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_els:4) 
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_eus:5.9) 
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_eus:6.4) 
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_mission_critical:5.6) 
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_mission_critical:6.2) 
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/a:redhat:rhel_sjis:5) 
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/a:redhat:rhel_sjis:6) 
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/a:redhat:rhev_manager:3) 

TASK [cyber-range-target : Cyber Test Range Target | Install Different Kernel Version if Necessary] *****
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:enterprise_linux:5) 
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:enterprise_linux:6) 
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:enterprise_linux:7) 
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_els:4) 
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_eus:5.9) 
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_eus:6.4) 
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_mission_critical:5.6) 
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/o:redhat:rhel_mission_critical:6.2) 
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/a:redhat:rhel_sjis:5) 
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/a:redhat:rhel_sjis:6) 
skipping: [localhost] => (item=CVE-2014-6271 - cpe:/a:redhat:rhev_manager:3) 

TASK [cyber-range-target : Cyber Test Range Target | Set Fact for Changed Kernel] ***********************
ok: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Add Script to Remove Unecessary Kernels] ***********
skipping: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Add One Time Service to Remove Kernels - EL 7] *****
skipping: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Enable One Time Service to Remove Kernels - EL 7] ***
skipping: [localhost]

TASK [cyber-range-target : Cyber Test Range Target | Restart Host to Effect Kernel Change] **************
skipping: [localhost]

PLAY RECAP **********************************************************************************************
localhost                  : ok=10   changed=0    unreachable=0    failed=0   

[root@cr-target-1 ~]# x='() { :;}; echo VULNERABLE' bash -c :
VULNERABLE
[root@cr-target-1 ~]# yum updateinfo list cves
Loaded plugins: product-id, search-disabled-repos, subscription-manager
 CVE-2014-6271 Critical/Sec.  bash-4.2.45-5.el7_0.2.x86_64
 CVE-2014-7169 Important/Sec. bash-4.2.45-5.el7_0.4.x86_64
 CVE-2014-7186 Important/Sec. bash-4.2.45-5.el7_0.4.x86_64
 CVE-2014-7187 Important/Sec. bash-4.2.45-5.el7_0.4.x86_64
 CVE-2016-0634 Moderate/Sec.  bash-4.2.46-28.el7.x86_64
 CVE-2016-7543 Moderate/Sec.  bash-4.2.46-28.el7.x86_64
 CVE-2016-9401 Moderate/Sec.  bash-4.2.46-28.el7.x86_64
updateinfo list done
[root@cr-target-1 ~]# elem host assess --curation ./curation
INFO - 2018-02-01 09:32:44,963 - 
[root@cr-target-1 ~]#
jason-callaway commented 6 years ago

Operator error, didn't realize that I have to manually clone elem-curation