New AIX OVALs

Zhou, Yuzheng
New AIX OVALs
We generated 3 new OVALs to cover the AIX vulnerabilities described in CVE-2005-3396, CVE-2007-4623 and CVE-2008-1274. They use the newly introduced AIX schema.


Thanks,
Yuzheng Zhou



To unsubscribe, send an email message to LISTSERV@... with
SIGNOFF OVAL-DISCUSSION-LIST
in the BODY of the message.  If you have difficulties, write to OVAL-DISCUSSION-LIST-request@....

<?xml version="1.0" encoding="UTF-8"?>
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:aix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#aix aix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd">
  <generator>
    <oval:product_name>Hewlett-Packard</oval:product_name>
    <oval:schema_version>5.4</oval:schema_version>
    <oval:timestamp>2008-04-11T15:10:44.000-05:00</oval:timestamp>
  </generator>
  <definitions>
    <definition id="oval:com.hp.oval:def:20080411001" version="0" class="vulnerability">
      <metadata>
        <title>IBM AIX buffer overflow in chcon command has unspecified impact</title>
        <affected family="unix">
          <platform>IBM AIX 5.2</platform>
          <platform>IBM AIX 5.3</platform>
        </affected>
        <reference source="CVE" ref_id="CVE-2005-3396" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3396"/>
        <description>Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, when DEBUG MALLOC is enabled, might allow attackers to execute arbitrary code via a long command line argument.</description>
        <oval_repository>
          <dates>
            <submitted date="2008-04-11T15:10:44.000-05:00">
              <contributor organization="Hewlett-Packard">Yuzheng Zhou</contributor>
            </submitted>
          </dates>
          <status>DRAFT</status>
        </oval_repository>
      </metadata>
      <criteria operator="OR" comment="Software Section">
        <criteria operator="AND" comment="IBM AIX 5.2 meets CVE-2005-3396" negate="false">
          <extend_definition comment="IBM AIX 5.2 is installed" definition_ref="oval:com.hp.oval:def:9001"/>
          <criterion comment="All filesets for APAR IY78253 are installed" test_ref="oval:com.hp.oval:tst:20080307001" negate="true"/>
        </criteria>
        <criteria operator="AND" comment="IBM AIX 5.3 meets CVE-2005-3396" negate="false">
          <extend_definition comment="IBM AIX 5.3 is installed" definition_ref="oval:com.hp.oval:def:9002"/>
          <criterion comment="All filesets for APAR IY78241 are installed" test_ref="oval:com.hp.oval:tst:20080307002" negate="true"/>
        </criteria>
      </criteria>
    </definition>
    <definition id="oval:com.hp.oval:def:20080411002" version="0" class="vulnerability">
      <metadata>
        <title>AIX bellmail buffer overflow vulnerability</title>
        <affected family="unix">
          <platform>IBM AIX 5.2</platform>
          <platform>IBM AIX 5.3</platform>
        </affected>
        <reference source="CVE" ref_id="CVE-2007-4623" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4623"/>
        <description>Stack-based buffer overflow in the sendrmt function in bellmail in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via a long parameter to the m command.</description>
        <oval_repository>
          <dates>
            <submitted date="2008-04-11T15:10:44.000-05:00">
              <contributor organization="Hewlett-Packard">Yuzheng Zhou</contributor>
            </submitted>
          </dates>
          <status>DRAFT</status>
        </oval_repository>
      </metadata>
      <criteria operator="OR" comment="Software Section">
        <criteria operator="AND" comment="IBM AIX 5.2 meets CVE-2007-4623" negate="false">
          <criterion comment="The level of fileset bos.net.tcp.client is greater than or equal 5.2.0.0" test_ref="oval:com.hp.oval:tst:20080306001" negate="false"/>
          <criterion comment="The level of fileset bos.net.tcp.client is less than or equal 5.2.0.108" test_ref="oval:com.hp.oval:tst:20080306002" negate="false"/>
        </criteria>
        <criteria operator="AND" comment="IBM AIX 5.3 meets CVE-2007-4623" negate="false">
          <criterion comment="The level of fileset bos.net.tcp.client is greater than or equal 5.3.0.0" test_ref="oval:com.hp.oval:tst:20080306003" negate="false"/>
          <criterion comment="The level of fileset bos.net.tcp.client is less than or equal 5.3.0.64" test_ref="oval:com.hp.oval:tst:20080306004" negate="false"/>
        </criteria>
      </criteria>
    </definition>
    <definition id="oval:com.hp.oval:def:20080311003" version="0" class="vulnerability">
      <metadata>
        <title>IBM AIX "man" Untrusted Binaries Path Privilege Escalation Vulnerability</title>
        <affected family="unix">
          <platform>IBM AIX 5.3</platform>
        </affected>
        <reference source="CVE" ref_id="CVE-2008-1274" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1274"/>
        <description>Untrusted search path vulnerability in man in IBM AIX 5.3 and 6.1 invokes binaries without full pathnames, which allows local users to execute arbitrary code via a malicious program in the man directory.</description>
        <oval_repository>
          <dates>
            <submitted date="2008-04-11T15:10:44.000-05:00">
              <contributor organization="Hewlett-Packard">Yuzheng Zhou</contributor>
            </submitted>
          </dates>
          <status>DRAFT</status>
        </oval_repository>
      </metadata>
      <criteria operator="OR" comment="Software Section">
        <criteria operator="AND" comment="IBM AIX 5.3 meets CVE-2008-1274" negate="false">
          <extend_definition comment="IBM AIX 5.3 is installed" definition_ref="oval:com.hp.oval:def:9002"/>
          <criterion comment="All filesets for APAR IZ17360 are installed" test_ref="oval:com.hp.oval:tst:20080312001" negate="true"/>
          <criterion comment="All filesets for APAR IZ17390 are installed" test_ref="oval:com.hp.oval:tst:20080312002" negate="true"/>
        </criteria>
      </criteria>
    </definition>
    <definition id="oval:com.hp.oval:def:9001" version="0" class="inventory">
      <metadata>
        <title>IBM AIX 5.2 is installed</title>
        <affected family="unix">
          <platform>IBM AIX 5.2</platform>
        </affected>
        <reference source="CPE" ref_id="cpe:/o:ibm:aix:5.2"/>
        <description>The operating system installed on the system is IBM AIX 5.2.</description>
        <oval_repository>
          <dates>
            <submitted date="2008-04-11T12:00:00.000-04:00">
              <contributor organization="Hewlett-Packard">Yuzheng Zhou</contributor>
            </submitted>
          </dates>
          <status>DRAFT</status>
        </oval_repository>
      </metadata>
      <criteria>
        <criterion comment="IBM AIX version is greater than or equal 5.2.0.0" test_ref="oval:com.hp.oval:tst:9001" negate="false"/>
        <criterion comment="IBM AIX version is less than 5.3.0.0" test_ref="oval:com.hp.oval:tst:9002" negate="false"/>
      </criteria>
    </definition>
    <definition id="oval:com.hp.oval:def:9002" version="0" class="inventory">
      <metadata>
        <title>IBM AIX 5.3 is installed</title>
        <affected family="unix">
          <platform>IBM AIX 5.3</platform>
        </affected>
        <reference source="CPE" ref_id="cpe:/o:ibm:aix:5.3"/>
        <description>The operating system installed on the system is IBM AIX 5.3.</description>
        <oval_repository>
          <dates>
            <submitted date="2008-04-11T12:00:00.000-04:00">
              <contributor organization="Hewlett-Packard">Yuzheng Zhou</contributor>
            </submitted>
          </dates>
          <status>DRAFT</status>
        </oval_repository>
      </metadata>
      <criteria>
        <criterion comment="IBM AIX version is greater than or equal 5.3.0.0" test_ref="oval:com.hp.oval:tst:9003" negate="false"/>
        <criterion comment="IBM AIX version is less than 5.4.0.0" test_ref="oval:com.hp.oval:tst:9004" negate="false"/>
      </criteria>
    </definition>
  </definitions>
  <tests>
    <oslevel_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" check_existence="at_least_one_exists" comment="IBM AIX version is greater than or equal 5.2.0.0" check="at least one" version="0" id="oval:com.hp.oval:tst:9001">
      <object object_ref="oval:com.hp.oval:obj:9001"/>
      <state state_ref="oval:com.hp.oval:ste:9001"/>
    </oslevel_test>
    <oslevel_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" check_existence="at_least_one_exists" comment="IBM AIX version is less than 5.3.0.0" check="at least one" version="0" id="oval:com.hp.oval:tst:9002">
      <object object_ref="oval:com.hp.oval:obj:9001"/>
      <state state_ref="oval:com.hp.oval:ste:9002"/>
    </oslevel_test>
    <oslevel_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" check_existence="at_least_one_exists" comment="IBM AIX version is greater than or equal 5.3.0.0" check="at least one" version="0" id="oval:com.hp.oval:tst:9003">
      <object object_ref="oval:com.hp.oval:obj:9001"/>
      <state state_ref="oval:com.hp.oval:ste:9003"/>
    </oslevel_test>
    <oslevel_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" check_existence="at_least_one_exists" comment="IBM AIX version is less than 5.4.0.0" check="at least one" version="0" id="oval:com.hp.oval:tst:9004">
      <object object_ref="oval:com.hp.oval:obj:9001"/>
      <state state_ref="oval:com.hp.oval:ste:9004"/>
    </oslevel_test>
    <fix_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" check_existence="at_least_one_exists" comment="All filesets for APAR IY78253 are installed" check="at least one" version="0" id="oval:com.hp.oval:tst:20080307001">
      <object object_ref="oval:com.hp.oval:obj:20080307001"/>
      <state state_ref="oval:com.hp.oval:ste:20080307001"/>
    </fix_test>
    <fix_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" check_existence="at_least_one_exists" comment="All filesets for APAR IY78241 are installed" check="at least one" version="0" id="oval:com.hp.oval:tst:20080307002">
      <object object_ref="oval:com.hp.oval:obj:20080307002"/>
      <state state_ref="oval:com.hp.oval:ste:20080307001"/>
    </fix_test>
    <fileset_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" check_existence="at_least_one_exists" comment="The level of fileset bos.net.tcp.client is greater than or equal 5.2.0.0" check="at least one" version="0" id="oval:com.hp.oval:tst:20080306001">
      <object object_ref="oval:com.hp.oval:obj:20080306001"/>
      <state state_ref="oval:com.hp.oval:ste:20080306001"/>
    </fileset_test>
    <fileset_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" check_existence="at_least_one_exists" comment="The level of fileset bos.net.tcp.client is less than or equal 5.2.0.108" check="at least one" version="0" id="oval:com.hp.oval:tst:20080306002">
      <object object_ref="oval:com.hp.oval:obj:20080306001"/>
      <state state_ref="oval:com.hp.oval:ste:20080306002"/>
    </fileset_test>
    <fileset_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" check_existence="at_least_one_exists" comment="The level of fileset bos.net.tcp.client is greater than or equal 5.3.0.0" check="at least one" version="0" id="oval:com.hp.oval:tst:20080306003">
      <object object_ref="oval:com.hp.oval:obj:20080306001"/>
      <state state_ref="oval:com.hp.oval:ste:20080306003"/>
    </fileset_test>
    <fileset_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" check_existence="at_least_one_exists" comment="The level of fileset bos.net.tcp.client is less than or equal 5.3.0.64" check="at least one" version="0" id="oval:com.hp.oval:tst:20080306004">
      <object object_ref="oval:com.hp.oval:obj:20080306001"/>
      <state state_ref="oval:com.hp.oval:ste:20080306004"/>
    </fileset_test>
    <fix_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" check_existence="at_least_one_exists" comment="All filesets for APAR IZ17360 are installed" check="at least one" version="0" id="oval:com.hp.oval:tst:20080312001">
      <object object_ref="oval:com.hp.oval:obj:20080312001"/>
      <state state_ref="oval:com.hp.oval:ste:20080307001"/>
    </fix_test>
    <fix_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" check_existence="at_least_one_exists" comment="All filesets for APAR IZ17390 are installed" check="at least one" version="0" id="oval:com.hp.oval:tst:20080312002">
      <object object_ref="oval:com.hp.oval:obj:20080312002"/>
      <state state_ref="oval:com.hp.oval:ste:20080307001"/>
    </fix_test>
  </tests>
  <objects>
    <oslevel_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" id="oval:com.hp.oval:obj:9001" version="0" comment="The single oslevel object."/>
    <fix_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" version="0" id="oval:com.hp.oval:obj:20080307001">
      <apar_number datatype="string">IY78253</apar_number>
    </fix_object>
    <fix_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" version="0" id="oval:com.hp.oval:obj:20080307002">
      <apar_number datatype="string">IY78241</apar_number>
    </fix_object>
    <fileset_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" version="0" id="oval:com.hp.oval:obj:20080306001">
      <flstinst datatype="string">bos.net.tcp.client</flstinst>
    </fileset_object>
    <fix_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" version="0" id="oval:com.hp.oval:obj:20080312001">
      <apar_number datatype="string">IZ17360</apar_number>
    </fix_object>
    <fix_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" version="0" id="oval:com.hp.oval:obj:20080312002">
      <apar_number datatype="string">IZ17390</apar_number>
    </fix_object>
  </objects>
  <states>
    <oslevel_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" operator="AND" version="0" id="oval:com.hp.oval:ste:9001">
      <maintenance_level operation="greater than or equal" datatype="version">5200-00</maintenance_level>
    </oslevel_state>
    <oslevel_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" operator="AND" version="0" id="oval:com.hp.oval:ste:9002">
      <maintenance_level operation="less than" datatype="version">5300-00</maintenance_level>
    </oslevel_state>
    <oslevel_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" operator="AND" version="0" id="oval:com.hp.oval:ste:9003">
      <maintenance_level operation="greater than or equal" datatype="version">5300-00</maintenance_level>
    </oslevel_state>
    <oslevel_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" operator="AND" version="0" id="oval:com.hp.oval:ste:9004">
      <maintenance_level operation="less than" datatype="version">5400-00</maintenance_level>
    </oslevel_state>
    <fix_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" operator="AND" version="0" id="oval:com.hp.oval:ste:20080307001">
      <installation_status operation="equals" datatype="string">ALL_INSTALLED</installation_status>
    </fix_state>
    <fileset_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" operator="AND" version="0" id="oval:com.hp.oval:ste:20080306001">
      <level operation="greater than or equal" datatype="version">5.2.0.0</level>
    </fileset_state>
    <fileset_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" operator="AND" version="0" id="oval:com.hp.oval:ste:20080306002">
      <level operation="less than or equal" datatype="version">5.2.0.108</level>
    </fileset_state>
    <fileset_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" operator="AND" version="0" id="oval:com.hp.oval:ste:20080306003">
      <level operation="greater than or equal" datatype="version">5.3.0.0</level>
    </fileset_state>
    <fileset_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix" operator="AND" version="0" id="oval:com.hp.oval:ste:20080306004">
      <level operation="less than or equal" datatype="version">5.3.0.64</level>
    </fileset_state>
  </states>
</oval_definitions>
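Added example, not part of the original post or of the submitted OVAL file: a short Python evaluator showing how the criteria tree above resolves, in particular how `negate="true"` on a fix test turns "APAR is installed" into "host is vulnerable" and how `extend_definition` pulls in the inventory definition. The embedded document is a constructed, trimmed copy of the CVE-2005-3396 definition (AIX 5.2 branch only); reducing OVAL results to plain booleans, supporting only the AND and OR operators, and the names `evaluate`, `ROOT` and `DEF_ID` are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

NS = "{http://oval.mitre.org/XMLSchema/oval-definitions-5}"
DEF_ID = "oval:com.hp.oval:def:20080411001"

# Constructed sample: criteria trimmed from the posted CVE-2005-3396 definition
# (AIX 5.2 branch) plus the AIX 5.2 inventory definition it extends.
SAMPLE = """<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
 <definitions>
  <definition id="oval:com.hp.oval:def:20080411001" version="0" class="vulnerability">
   <criteria operator="OR">
    <criteria operator="AND">
     <extend_definition definition_ref="oval:com.hp.oval:def:9001"/>
     <criterion test_ref="oval:com.hp.oval:tst:20080307001" negate="true"/>
    </criteria>
   </criteria>
  </definition>
  <definition id="oval:com.hp.oval:def:9001" version="0" class="inventory">
   <criteria>
    <criterion test_ref="oval:com.hp.oval:tst:9001"/>
    <criterion test_ref="oval:com.hp.oval:tst:9002"/>
   </criteria>
  </definition>
 </definitions>
</oval_definitions>"""
ROOT = ET.fromstring(SAMPLE)

def evaluate(root, def_id, test_results):
    """Evaluate def_id against a {test id: bool} map of collected test results."""
    defs = {d.get("id"): d for d in root.iter(NS + "definition")}

    def node(el):
        tag = el.tag[len(NS):]
        if tag == "criterion":
            # A KeyError here means the definition references a test with no result.
            result = test_results[el.get("test_ref")]
        elif tag == "extend_definition":
            result = node(defs[el.get("definition_ref")].find(NS + "criteria"))
        else:
            # <criteria>: the operator attribute defaults to AND when omitted.
            children = [node(child) for child in el]
            if el.get("operator", "AND") == "OR":
                result = any(children)
            else:
                result = all(children)
        # negate inverts the node's result: "fix installed" becomes "fix missing".
        return (not result) if el.get("negate") in ("true", "1") else result

    return node(defs[def_id].find(NS + "criteria"))
```

With both oslevel tests true and the IY78253 fix test false, the definition evaluates to true (vulnerable); setting the fix test to true, or the "less than 5.3.0.0" test to false, makes it false.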
Worrell, Bryan A.
Re: New AIX OVALs
Yuzheng,

Thank you for your AIX and ESX definition submissions.  Both sets you
contributed have been posted to the OVAL Repository for further
community review.

Thanks,
Bryan Worrell



__
Bryan Worrell    
The MITRE Corporation
bworrell@...




>-----Original Message-----
>From: Zhou, Yuzheng [mailto:yuzheng.zhou@...]
>Sent: Friday, April 11, 2008 12:39 PM
>To: oval-discussion-list OVAL Discussion List/Closed Public Discussi
>Subject: [OVAL-DISCUSSION-LIST] New AIX OVALs
>
>We generated 3 new OVALs to cover the AIX vulnerabilities described in
>CVE-2005-3396, CVE-2007-4623 and CVE-2008-1274. They use the newly
>introduced AIX schema.
>
>
>Thanks,
>Yuzheng Zhou
>
>
>
>To unsubscribe, send an email message to LISTSERV@... with
>SIGNOFF OVAL-DISCUSSION-LIST
>in the BODY of the message.  If you have difficulties, write to OVAL-
>DISCUSSION-LIST-request@....
