fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

psiphon application vuln false negative #15251

Closed mostlikelee closed 11 months ago

mostlikelee commented 12 months ago

🗣️ NOTE: this application was not found in NVD, which is what Fleet uses to detect vulnerabilities. As a workaround, this is the osquery query that can be used to detect the vulnerable software:

SELECT path FROM hash WHERE directory = 'C:\path\to\install\location' AND md5 = '28bf01f67db4a5e8e6174b066775eae0'

The MD5 value is the one given in https://github.com/fleetdm/fleet/issues/15251#issuecomment-1830442785. If the version in question is different, the MD5 value can be replaced with the correct one.


Fleet version: N/A

Web browser and operating system: Windows, version N/A


💥  Actual behavior

A vulnerable version of psiphon was not picked up during vulnerability processing.

🧑‍💻  Steps to reproduce

  1. Run vulnerability scanning on a Windows machine with the vulnerable version of psiphon installed.

🕯️ More info (optional)


sharon-fdm commented 12 months ago

@mostlikelee was this reported by a customer or community?

mostlikelee commented 12 months ago

> @mostlikelee was this reported by a customer or community?

I believe a customer, here is the original slack thread: https://fleetdm.slack.com/archives/C019WG4GH0A/p1700582838919409

mostlikelee commented 12 months ago

1pt estimate is to timebox a spike on this and figure out the scope|do|wontdo

jahzielv commented 11 months ago

Tim, Lucas and I have checked; unfortunately this application doesn't seem to have a CPE in NVD's records, so Fleet can't check it for vulnerabilities. One possible workaround that @lucasmrod suggested was to put together a specific query to check for that application using the hash table. I recommend we close this as won't resolve.

sharon-fdm commented 11 months ago

cc: @noahtalerman

sharon-fdm commented 11 months ago

From @jahzielv : https://citizenlab.ca/2014/03/maliciously-repackaged-psiphon/

jahzielv commented 11 months ago

This is an example query that could be used to detect the vulnerable software:

SELECT path FROM hash WHERE directory = 'C:\path\to\install\location' AND md5 = '28bf01f67db4a5e8e6174b066775eae0'

The MD5 value is the one given in the article linked above. If the version in question is different, the MD5 value can be replaced with the correct one.
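Two variants of the hash-table workaround discussed in this thread, as an added example that is not part of the issue or of Fleet's own code. The first avoids hard-coding the install directory by taking it from osquery's Windows `programs` table; the `Psiphon%` name pattern is an assumption, and the MD5 is the one quoted above. The second shapes the same check as a Fleet policy: Fleet counts a policy as passing when the query returns at least one row, so the match has to be inverted for affected hosts to show as failing. Both only match a file whose bytes are identical to the hashed build; a different version, or a repackaged copy, needs its own hash.

```sql
-- Added example: osquery SQL, not code from the Fleet issue or project.
--
-- Variant 1: find the install directory from the `programs` table instead of
-- hard-coding it, then hash the files directly in that directory (the hash
-- table's `directory` constraint is not recursive). The name pattern
-- 'Psiphon%' is an assumption; replace it with the display name of the
-- program you are hunting for.
SELECT
  p.name,
  p.version,
  h.path,
  h.md5
FROM programs AS p
JOIN hash AS h ON h.directory = p.install_location
WHERE p.name LIKE 'Psiphon%'
  AND p.install_location != ''          -- many entries have no install path; skip them
  AND h.md5 = '28bf01f67db4a5e8e6174b066775eae0';

-- Variant 2: the same check as a Fleet policy. A policy passes on hosts where
-- the query returns a row, so a host carrying the flagged hash must return
-- zero rows. `NOT EXISTS` gives exactly that: one row when the hash is absent,
-- none when it is present. The directory placeholder is the one used above.
SELECT 1
WHERE NOT EXISTS (
  SELECT 1
  FROM hash
  WHERE directory = 'C:\path\to\install\location'
    AND md5 = '28bf01f67db4a5e8e6174b066775eae0'
);
```

Run variant 1 as a live query first to confirm the directory and hash resolve on a known-affected host, then install variant 2 as the policy; otherwise a typo in the path silently reports every host as passing, because the hash table returns nothing for a directory that does not exist.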

fleet-release commented 11 months ago

Psiphon flaw hidden, Fleet scans with clear vision, Safety's path is written.