fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

Arravindh: psiphon.exe doesn't show as vulnerable #15582

Closed Ringoshere closed 10 months ago

Ringoshere commented 11 months ago

Fleet version: TODO

Web browser and operating system: TODO


💥  Actual behavior

Arravindh: psiphon.exe doesn't show as vulnerable

🧑‍💻  Steps to reproduce

  1. TODO
  2. TODO

🕯️ More info (optional)

N/A

xpkoala commented 11 months ago

@Ringoshere do you have any more context on this item? Could you link to the NVD CVE that is not flagging with this executable?

Ringoshere commented 11 months ago

@xpkoala all I have is this conversation. After he did a self-service signup he was messaged through Mike's LinkedIn:

[Screenshots: 2023-12-12 at 18 15 26, 18 15 46, 18 15 53]

xpkoala commented 11 months ago

@Ringoshere I haven't been able to pinpoint the software version or CVE that might be relevant to what the user is reporting. If possible could you get back in touch with the reporter and collect:

Unfortunately without this information it isn't feasible to investigate further.

Ringoshere commented 11 months ago

@xpkoala Ah ok thank you Reed. Mike has messaged him but will let him know and tag him in this. 🙏

sharon-fdm commented 11 months ago

Duplicate with https://github.com/fleetdm/fleet/issues/15251

fleet-release commented 11 months ago

Psiphon now secured, In Fleet's trusted embrace. Users rest at ease.

sharon-fdm commented 11 months ago

cc: @noahtalerman

mikermcneil commented 11 months ago

A bit more context, in case it helps us reproduce.

That said, this context aside, one approach that comes to mind for me is to look up the most recent vulnerable version of psiphon.exe according to NVD, then install that and see if it’s properly detected. Have we tried that yet? @xpkoala @sharon-fdm @lukeheath

xpkoala commented 10 months ago

Jumping back into this one, I haven't been able to find any CVE associated with psiphon, psiphon.exe, or psiphon3. I have checked the NVD page itself as well as a handful of google-fu searches with no luck.

I do see that Citizen Lab sent out a report a handful of years ago stating their product was being repackaged with a Remote Access Trojan included in the packaging, but alas no CVE was attached and since this wasn't a vulnerability in the product it shouldn't have had a CVE created for the psiphon software.

After installing psiphon3 on a Windows machine I am not seeing any reported CVE through Fleet.

I think at this time we should close the issue unless we have more information on the specific version of psiphon, the CVE encountered, or some other item to look into.

xpkoala commented 10 months ago

Closing this one out as we do not have sufficient information to move forward at this time. Please re-open the ticket if the issue persists and more information can be provided.

fleet-release commented 10 months ago

Psiphon's veil lifts, In Fleet's light, no flaws hidden. Safety in clear sight.