New OVAL definition

Hansen, Nick (HP SW DCA)
New OVAL definition
I've created a new OVAL definition to address CVE-2008-2538 covering Sun Alert 237864. Please let me know if you find any issues with it.

Thanks,
--Nick


<?xml version="1.0" encoding="UTF-8"?>
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:sol-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris" xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris solaris-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd">
    <!-- Generator metadata: the producing organisation, the OVAL schema version this document targets (5.4), and the time the document was generated. -->
    <generator>
        <oval:product_name>Hewlett-Packard</oval:product_name>
        <oval:schema_version>5.4</oval:schema_version>
        <oval:timestamp>2008-06-05T11:19:56.000-04:00</oval:timestamp>
    </generator>
    <definitions>
        <definition id="oval:com.hp.oval:def:20080605001" version="0" class="vulnerability">
            <metadata>
                <title>Security Vulnerability in the Solaris crontab(1) utility may allow execution of Arbitrary Code</title>
                <affected family="unix">
                    <platform>Sun Solaris 8</platform>
                    <platform>Sun Solaris 9</platform>
                    <platform>Sun Solaris 10</platform>
                </affected>
                <reference source="CVE" ref_id="CVE-2008-2538" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2538"/>
                <description>Unspecified vulnerability in crontab on Sun Solaris 8 through 10 allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors.</description>
                <oval_repository>
                    <dates>
                        <submitted date="2008-06-05T11:19:56.000-04:00">
                            <contributor organization="Hewlett-Packard">Nicholas Hansen</contributor>
                        </submitted>
                    </dates>
                    <status>DRAFT</status>
                </oval_repository>
            </metadata>
            <criteria operator="OR" comment="Software Section">
                <criteria operator="AND" comment="Solaris 8 (SPARC) meets Sun Alert 237864" negate="false">
                    <extend_definition comment="Solaris 8 (SPARC) is installed" definition_ref="oval:org.mitre.oval:def:1539"/>
                    <criterion comment="Patch 109007-26 or later installed" test_ref="oval:com.hp.oval:tst:20080605001" negate="true"/>
                </criteria>
                <criteria operator="AND" comment="Solaris 9 (SPARC) meets Sun Alert 237864" negate="false">
                    <extend_definition comment="Solaris 9 (SPARC) is installed" definition_ref="oval:org.mitre.oval:def:1457"/>
                    <criterion comment="Patch 122300-27 or later installed" test_ref="oval:com.hp.oval:tst:20080605002" negate="true"/>
                </criteria>
                <criteria operator="AND" comment="Solaris 9 (SPARC) meets Sun Alert 237864" negate="false">
                    <extend_definition comment="Solaris 9 (SPARC) is installed" definition_ref="oval:org.mitre.oval:def:1457"/>
                    <criterion comment="Patch 137017-02 or later installed" test_ref="oval:com.hp.oval:tst:20080605003" negate="true"/>
                </criteria>
                <criteria operator="AND" comment="Solaris 8 (x86) meets Sun Alert 237864" negate="false">
                    <extend_definition comment="Solaris 8 (x86) is installed" definition_ref="oval:org.mitre.oval:def:2059"/>
                    <criterion comment="Patch 109008-26 or later installed" test_ref="oval:com.hp.oval:tst:20080605004" negate="true"/>
                </criteria>
                <criteria operator="AND" comment="Solaris 9 (x86) meets Sun Alert 237864" negate="false">
                    <extend_definition comment="Solaris 9 (x86) is installed" definition_ref="oval:org.mitre.oval:def:1683"/>
                    <criterion comment="Patch 122301-27 or later installed" test_ref="oval:com.hp.oval:tst:20080605005" negate="true"/>
                </criteria>
                <criteria operator="AND" comment="Solaris 10 (x86) meets Sun Alert 237864" negate="false">
                    <extend_definition comment="Solaris 10 (x86) is installed" definition_ref="oval:org.mitre.oval:def:1926"/>
                    <criterion comment="Patch 137018-02 or later installed" test_ref="oval:com.hp.oval:tst:20080605006" negate="true"/>
                </criteria>
            </criteria>
        </definition>
        <!--
            MITRE-namespaced inventory definition (status ACCEPTED): Solaris 8 on x86.
            The criteria element has no operator attribute, so the schema default (AND) applies: both
            uname tests must pass. tst:3437 compares os_release with 5.8; tst:3912 pattern-matches
            processor_type for ix86. Extended by the "Solaris 8 (x86)" branch of the CVE-2008-2538 definition.
        -->
        <definition id="oval:org.mitre.oval:def:2059" version="1" class="inventory">
            <metadata>
                <title>Solaris 8 (x86) is installed</title>
                <affected family="unix">
                    <platform>Sun Solaris 8</platform>
                </affected>
                <reference source="CPE" ref_id="cpe:/o:sun:sunos:5.8::ix86"/>
                <description>The operating system installed on the system is Sun Solaris 8 for x86.</description>
                <oval_repository>
                    <dates>
                        <submitted date="2007-06-22T08:00:00.000-04:00">
                            <contributor organization="The MITRE Corporation">Jonathan Baker</contributor>
                        </submitted>
                        <status_change date="2007-06-22T08:20:00.000-04:00">DRAFT</status_change>
                        <status_change date="2007-07-10T21:08:51.544-04:00">INTERIM</status_change>
                        <status_change date="2007-08-01T22:26:15.624-04:00">ACCEPTED</status_change>
                    </dates>
                    <status>ACCEPTED</status>
                </oval_repository>
            </metadata>
            <criteria>
                <criterion comment="Solaris 8 Installed" test_ref="oval:org.mitre.oval:tst:3437"/>
                <criterion comment="ix86 architecture" test_ref="oval:org.mitre.oval:tst:3912"/>
            </criteria>
        </definition>
        <!--
            MITRE-namespaced inventory definition (status ACCEPTED): Solaris 9 on SPARC.
            No operator attribute on criteria, so the schema default (AND) applies: tst:3172 (os_release 5.9)
            and tst:3237 (processor_type matches SPARC) must both pass.
            NOTE(review): the CVE-2008-2538 definition as posted extends this definition from two branches
            (patch 122300-27 and patch 137017-02); the second looks like it was meant for Solaris 10 SPARC.
        -->
        <definition id="oval:org.mitre.oval:def:1457" version="1" class="inventory">
            <metadata>
                <title>Solaris 9 (SPARC) is installed</title>
                <affected family="unix">
                    <platform>Sun Solaris 9</platform>
                </affected>
                <reference source="CPE" ref_id="cpe:/o:sun:sunos:5.9::sparc"/>
                <description>The operating system installed on the system is Sun Solaris 9 for SPARC.</description>
                <oval_repository>
                    <dates>
                        <submitted date="2007-06-22T08:00:00.000-04:00">
                            <contributor organization="The MITRE Corporation">Jonathan Baker</contributor>
                        </submitted>
                        <status_change date="2007-06-22T08:20:00.000-04:00">DRAFT</status_change>
                        <status_change date="2007-07-10T21:08:48.350-04:00">INTERIM</status_change>
                        <status_change date="2007-08-01T22:26:14.151-04:00">ACCEPTED</status_change>
                    </dates>
                    <status>ACCEPTED</status>
                </oval_repository>
            </metadata>
            <criteria>
                <criterion comment="Solaris 9 Installed" test_ref="oval:org.mitre.oval:tst:3172"/>
                <criterion comment="sparc architecture" test_ref="oval:org.mitre.oval:tst:3237"/>
            </criteria>
        </definition>
        <!--
            MITRE-namespaced inventory definition (status ACCEPTED): Solaris 8 on SPARC.
            No operator attribute on criteria, so the schema default (AND) applies: tst:3437 (os_release 5.8)
            and tst:3237 (processor_type matches SPARC) must both pass.
        -->
        <definition id="oval:org.mitre.oval:def:1539" version="1" class="inventory">
            <metadata>
                <title>Solaris 8 (SPARC) is installed</title>
                <affected family="unix">
                    <platform>Sun Solaris 8</platform>
                </affected>
                <reference source="CPE" ref_id="cpe:/o:sun:sunos:5.8::sparc"/>
                <description>The operating system installed on the system is Sun Solaris 8 for SPARC.</description>
                <oval_repository>
                    <dates>
                        <submitted date="2007-06-22T08:00:00.000-04:00">
                            <contributor organization="The MITRE Corporation">Jonathan Baker</contributor>
                        </submitted>
                        <status_change date="2007-06-22T08:20:00.000-04:00">DRAFT</status_change>
                        <status_change date="2007-07-10T21:08:48.692-04:00">INTERIM</status_change>
                        <status_change date="2007-08-01T22:26:14.211-04:00">ACCEPTED</status_change>
                    </dates>
                    <status>ACCEPTED</status>
                </oval_repository>
            </metadata>
            <criteria>
                <criterion comment="Solaris 8 Installed" test_ref="oval:org.mitre.oval:tst:3437"/>
                <criterion comment="sparc architecture" test_ref="oval:org.mitre.oval:tst:3237"/>
            </criteria>
        </definition>
        <!--
            MITRE-namespaced inventory definition (status ACCEPTED): Solaris 10 on x86.
            No operator attribute on criteria, so the schema default (AND) applies: tst:3680 (os_release 5.10)
            and tst:3912 (processor_type matches ix86) must both pass.
            NOTE(review): this document contains no matching "Solaris 10 (SPARC) is installed" definition.
        -->
        <definition id="oval:org.mitre.oval:def:1926" version="1" class="inventory">
            <metadata>
                <title>Solaris 10 (x86) is installed</title>
                <affected family="unix">
                    <platform>Sun Solaris 10</platform>
                </affected>
                <reference source="CPE" ref_id="cpe:/o:sun:sunos:5.10::ix86"/>
                <description>The operating system installed on the system is Sun Solaris 10 for x86.</description>
                <oval_repository>
                    <dates>
                        <submitted date="2007-06-15T12:00:00.000-04:00">
                            <contributor organization="The MITRE Corporation">Jonathan Baker</contributor>
                        </submitted>
                        <status_change date="2007-06-15T12:20:00.000-04:00">DRAFT</status_change>
                        <status_change date="2007-07-03T21:53:53.007-04:00">INTERIM</status_change>
                        <status_change date="2007-07-18T15:57:51.357-04:00">ACCEPTED</status_change>
                    </dates>
                    <status>ACCEPTED</status>
                </oval_repository>
            </metadata>
            <criteria>
                <criterion comment="Solaris 10 Installed" test_ref="oval:org.mitre.oval:tst:3680"/>
                <criterion comment="ix86 architecture" test_ref="oval:org.mitre.oval:tst:3912"/>
            </criteria>
        </definition>
        <!--
            MITRE-namespaced inventory definition (status ACCEPTED): Solaris 9 on x86.
            No operator attribute on criteria, so the schema default (AND) applies: tst:3172 (os_release 5.9)
            and tst:3912 (processor_type matches ix86) must both pass.
        -->
        <definition id="oval:org.mitre.oval:def:1683" version="1" class="inventory">
            <metadata>
                <title>Solaris 9 (x86) is installed</title>
                <affected family="unix">
                    <platform>Sun Solaris 9</platform>
                </affected>
                <reference source="CPE" ref_id="cpe:/o:sun:sunos:5.9::ix86"/>
                <description>The operating system installed on the system is Sun Solaris 9 for x86.</description>
                <oval_repository>
                    <dates>
                        <submitted date="2007-06-22T08:00:00.000-04:00">
                            <contributor organization="The MITRE Corporation">Jonathan Baker</contributor>
                        </submitted>
                        <status_change date="2007-06-22T08:20:00.000-04:00">DRAFT</status_change>
                        <status_change date="2007-07-10T21:08:49.960-04:00">INTERIM</status_change>
                        <status_change date="2007-08-01T22:26:14.277-04:00">ACCEPTED</status_change>
                    </dates>
                    <status>ACCEPTED</status>
                </oval_repository>
            </metadata>
            <criteria>
                <criterion comment="Solaris 9 Installed" test_ref="oval:org.mitre.oval:tst:3172"/>
                <criterion comment="ix86 architecture" test_ref="oval:org.mitre.oval:tst:3912"/>
            </criteria>
        </definition>
    </definitions>
    <tests>
        <!--
            Patch tests (Solaris schema). Each pairs a patch_object (the patch base ID) with a patch_state
            (minimum revision). With check_existence="at_least_one_exists" the test is false when no matching
            patch is collected, and with check="at least one" it is true when one collected patch satisfies
            the state. The vulnerability definition references these tests with negate="true", so
            "patch missing or too old" becomes a true criterion there.
        -->
        <patch_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris" check_existence="at_least_one_exists" comment="Patch 109007-26 or later installed" check="at least one" version="1" id="oval:com.hp.oval:tst:20080605001">
            <object object_ref="oval:com.hp.oval:obj:20080605001"/>
            <state state_ref="oval:com.hp.oval:ste:20080605001"/>
        </patch_test>
        <patch_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris" check_existence="at_least_one_exists" comment="Patch 122300-27 or later installed" check="at least one" version="1" id="oval:com.hp.oval:tst:20080605002">
            <object object_ref="oval:com.hp.oval:obj:20080605002"/>
            <state state_ref="oval:com.hp.oval:ste:20080605002"/>
        </patch_test>
        <patch_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris" check_existence="at_least_one_exists" comment="Patch 137017-02 or later installed" check="at least one" version="1" id="oval:com.hp.oval:tst:20080605003">
            <object object_ref="oval:com.hp.oval:obj:20080605003"/>
            <state state_ref="oval:com.hp.oval:ste:20080605003"/>
        </patch_test>
        <!--
            The three x86 tests below have their own patch objects (004 to 006) but reuse the revision states
            001 to 003 defined for the SPARC patches, because each SPARC/x86 pair requires the same minimum
            revision (26, 27 and 02). Changing one of those states changes both architectures.
        -->
        <patch_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris" check_existence="at_least_one_exists" comment="Patch 109008-26 or later installed" check="at least one" version="1" id="oval:com.hp.oval:tst:20080605004">
            <object object_ref="oval:com.hp.oval:obj:20080605004"/>
            <state state_ref="oval:com.hp.oval:ste:20080605001"/>
        </patch_test>
        <patch_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris" check_existence="at_least_one_exists" comment="Patch 122301-27 or later installed" check="at least one" version="1" id="oval:com.hp.oval:tst:20080605005">
            <object object_ref="oval:com.hp.oval:obj:20080605005"/>
            <state state_ref="oval:com.hp.oval:ste:20080605002"/>
        </patch_test>
        <patch_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris" check_existence="at_least_one_exists" comment="Patch 137018-02 or later installed" check="at least one" version="1" id="oval:com.hp.oval:tst:20080605006">
            <object object_ref="oval:com.hp.oval:obj:20080605006"/>
            <state state_ref="oval:com.hp.oval:ste:20080605003"/>
        </patch_test>
        <!-- uname tests (UNIX schema). All five read the same uname object (obj:2759) and differ only in the state compared: os_release for the Solaris release, processor_type for the architecture. -->
        <uname_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:org.mitre.oval:tst:3172" version="1" comment="Solaris 9 Installed" check_existence="at_least_one_exists" check="at least one">
            <object object_ref="oval:org.mitre.oval:obj:2759"/>
            <state state_ref="oval:org.mitre.oval:ste:3891"/>
        </uname_test>
        <uname_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:org.mitre.oval:tst:3237" version="1" comment="sparc architecture" check_existence="at_least_one_exists" check="at least one">
            <object object_ref="oval:org.mitre.oval:obj:2759"/>
            <state state_ref="oval:org.mitre.oval:ste:3478"/>
        </uname_test>
        <uname_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:org.mitre.oval:tst:3437" version="1" comment="Solaris 8 Installed" check_existence="at_least_one_exists" check="at least one">
            <object object_ref="oval:org.mitre.oval:obj:2759"/>
            <state state_ref="oval:org.mitre.oval:ste:3700"/>
        </uname_test>
        <uname_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:org.mitre.oval:tst:3680" version="1" comment="Solaris 10 Installed" check_existence="at_least_one_exists" check="at least one">
            <object object_ref="oval:org.mitre.oval:obj:2759"/>
            <state state_ref="oval:org.mitre.oval:ste:3597"/>
        </uname_test>
        <uname_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:org.mitre.oval:tst:3912" version="1" comment="ix86 architecture" check_existence="at_least_one_exists" check="at least one">
            <object object_ref="oval:org.mitre.oval:obj:2759"/>
            <state state_ref="oval:org.mitre.oval:ste:3443"/>
        </uname_test>
    </tests>
    <objects>
        <!--
            One patch_object per patch base ID named in the criteria comments: 109007, 122300, 137017 for
            the tests labelled SPARC in the definition, and 109008, 122301, 137018 for the x86 ones. The
            object selects by base number only; the required revision lives in the patch_state the test
            pairs it with.
        -->
        <patch_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris" version="1" id="oval:com.hp.oval:obj:20080605001">
            <base datatype="int">109007</base>
        </patch_object>
        <patch_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris" version="1" id="oval:com.hp.oval:obj:20080605002">
            <base datatype="int">122300</base>
        </patch_object>
        <patch_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris" version="1" id="oval:com.hp.oval:obj:20080605003">
            <base datatype="int">137017</base>
        </patch_object>
        <patch_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris" version="1" id="oval:com.hp.oval:obj:20080605004">
            <base datatype="int">109008</base>
        </patch_object>
        <patch_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris" version="1" id="oval:com.hp.oval:obj:20080605005">
            <base datatype="int">122301</base>
        </patch_object>
        <patch_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris" version="1" id="oval:com.hp.oval:obj:20080605006">
            <base datatype="int">137018</base>
        </patch_object>
        <!-- Shared by every uname_test in this document. -->
        <uname_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:org.mitre.oval:obj:2759" version="1" comment="The single uname object."/>
    </objects>
    <states>
        <!--
            Minimum patch revisions, compared as integers with "greater than or equal". Each state is shared
            by one SPARC and one x86 patch test (001: revision 26, 002: revision 27, 003: revision 02).
        -->
        <patch_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris" operator="AND" version="1" id="oval:com.hp.oval:ste:20080605001">
            <version operation="greater than or equal" datatype="int">26</version>
        </patch_state>
        <patch_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris" operator="AND" version="1" id="oval:com.hp.oval:ste:20080605002">
            <version operation="greater than or equal" datatype="int">27</version>
        </patch_state>
        <patch_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#solaris" operator="AND" version="1" id="oval:com.hp.oval:ste:20080605003">
            <!-- Written with a leading zero as in the patch name; with datatype="int" the value is the integer 2. -->
            <version operation="greater than or equal" datatype="int">02</version>
        </patch_state>
        <uname_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:org.mitre.oval:ste:3443" version="1" comment="processor type is ix86">
            <!-- Anchored at the start only: matches any processor_type that begins with "i" and has "86" somewhere after it. -->
            <processor_type operation="pattern match">^i.*86</processor_type>
        </uname_state>
        <uname_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:org.mitre.oval:ste:3478" version="1" comment="processor type is SPARC">
            <!-- Unanchored, case-insensitive by character class: matches "sparc" in any letter case anywhere in processor_type. -->
            <processor_type operation="pattern match">[Ss][Pp][Aa][Rr][Cc]</processor_type>
        </uname_state>
        <!-- os release is 5.10 (this state has no comment attribute). The os_release states carry no operation attribute, so the schema default comparison, equals, applies. -->
        <uname_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:org.mitre.oval:ste:3597" version="1">
            <os_release>5.10</os_release>
        </uname_state>
        <uname_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:org.mitre.oval:ste:3700" version="1" comment="os release is 5.8">
            <os_release>5.8</os_release>
        </uname_state>
        <uname_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:org.mitre.oval:ste:3891" version="1" comment="os release is 5.9">
            <os_release>5.9</os_release>
        </uname_state>
    </states>
</oval_definitions>
Ken Lassesen-3
New OVAL definition: WMI OS's
This is a definition which will typically be used as an extended definition. It uses existing definitions, with one exception: there is no definition for Windows NT 4, so it references an existing test instead.


Ken Lassesen,
Home/Office: 360-724-3190 Fax: 952-516-5077
Cell: 360-509-2402  Skype: Ken.Lassesen
IM: Ken@...  http://www.linkedin.com/in/lassesen 
CONFIDENTIALITY NOTICE
The information contained in this electronic message may contain confidential and privileged information and is intended only for use by the individual(s) or entity(ies) to whom it was addressed. Any unauthorized review, use, disclosure, or distribution of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and permanently delete and destroy the original message.



<?xml version="1.0" encoding="UTF-8"?>
<oval_definitions xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows windows-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"
        xmlns:win="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows"
        xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <!-- Generator metadata: the producing product name, the OVAL schema version this document targets (5.4), and the time the document was generated. -->
  <generator>
    <oval:product_name>Lumension WSUS Repository</oval:product_name>
    <oval:schema_version>5.4</oval:schema_version>
    <oval:timestamp>2008-05-22T09:06:02.346-04:00</oval:timestamp>
  </generator>
  <definitions>
    <definition id="oval:org.mitre.oval:def:9999999" version="0" class="inventory">
      <metadata>
        <title>Checks that this OS Supports WMI in general</title>
          <affected family="windows" >
              <platform>Microsoft Windows NT 4 SP4</platform>
              <platform>Microsoft Windows 2000</platform>
              <platform>Microsoft Windows XP</platform>
              <platform>Microsoft Windows Server 2003</platform>
              <platform>Microsoft Windows Server 2008</platform>
              <platform>Microsoft Windows Vista</platform>
          </affected>
          <reference source="CPE" ref_id="cpe:/a:microsoft:wmi" />
          <description> Test if this OS should support WMI service. Note: different Objects are supported on different OS. This is a generic test for the API.</description>
      </metadata>
      <criteria operator="OR">
          <criterion test_ref="oval:org.mitre.oval:tst:3089" negate="false" comment="NT 4 Is installed"/>
          <extend_definition comment="Microsoft Windows Server 2008 (32-bit) is installed" definition_ref="oval:org.mitre.oval:def:4870"/>
          <extend_definition definition_ref="oval:org.mitre.oval:def:4870" negate="false" comment="Windows Server 2008 x32"/>
          <extend_definition definition_ref="oval:org.mitre.oval:def:5356" negate="false" comment="Windows Server 2008 x64"/>
          <extend_definition definition_ref="oval:org.mitre.oval:def:105" negate="false" comment="Windows XP"/>
          <extend_definition definition_ref="oval:org.mitre.oval:def:228" negate="false" comment="Windows Vista"/>
          <extend_definition definition_ref="oval:org.mitre.oval:def:128" negate="false" comment="Windows Server 2003"/>
          <extend_definition definition_ref="oval:org.mitre.oval:def:229" negate="false" comment="Windows 2000 SP4 or later Is installed"/>
      </criteria>
    </definition>
  </definitions>
</oval_definitions>
Worrell, Bryan A.
Re: New OVAL definition
In reply to this post by Hansen, Nick (HP SW DCA)
Nick,

Thank you for your submission to the OVAL Repository.  Your submission
has been posted for further community review.

Thanks,
Bryan Worrell



__
Bryan Worrell    
The MITRE Corporation
bworrell@...




>-----Original Message-----
>From: Hansen, Nick [mailto:nick.hansen@...]
>Sent: Thursday, June 05, 2008 12:06 PM
>To: oval-discussion-list OVAL Discussion List/Closed Public Discussi
>Subject: [OVAL-DISCUSSION-LIST] New OVAL definition
>
>I've created a new OVAL definition to address CVE-2008-2538 covering Sun
>Alert 237864. Please let me know if you find any issues with it.
>
>Thanks,
>--Nick
>
>To unsubscribe, send an email message to LISTSERV@... with
>SIGNOFF OVAL-DISCUSSION-LIST
>in the BODY of the message.  If you have difficulties, write to OVAL-
>DISCUSSION-LIST-request@....

Worrell, Bryan A.
Re: New OVAL definition: WMI OS's
In reply to this post by Ken Lassesen-3
Ken,

Thank you for your submission to the OVAL Repository.  While reviewing
your document I came across a few things that need revising.  One
problem I encountered was the id you assigned to the new definition
contained a MITRE namespace (oval:org.mitre.oval:def:9999999) instead
of the Lumension namespace.  Also, the file does not validate as it
does not contain the definitions that the <extend_definition> elements
point to.  Unfortunately, the process we have in place for importing
data requires that the document being processed is a valid OVAL
document in terms of the OVAL schema.  We are actively attempting to
streamline this process so that a submission such as this one, which
contains only <extend_definition> elements that point to existing data,
can be processed without the actual definitions being present.

Thank you,
Bryan Worrell

__
Bryan Worrell    
The MITRE Corporation
bworrell@...




>-----Original Message-----
>From: Ken Lassesen [mailto:ken.lassesen@...]
>Sent: Thursday, June 05, 2008 2:23 PM
>To: oval-discussion-list OVAL Discussion List/Closed Public Discussi
>Subject: [OVAL-DISCUSSION-LIST] New OVAL definition: WMI OS's
>
>This is a definition which will typically be used as an extended
>definition. It uses existing definitions with one exception, there is no
>definition for Windows NT 4 so it references an existing test.
>
>
>Ken Lassesen,
>Home/Office: 360-724-3190 Fax: 952-516-5077
>Cell: 360-509-2402  Skype: Ken.Lassesen
>IM: Ken@...  http://www.linkedin.com/in/lassesen
>CONFIDENTIALITY NOTICE
>The information contained in this electronic message may contain
>confidential and privileged information and is intended only for use
by

>the individual(s) or entity(ies) to whom it was addressed. Any
>unauthorized review, use, disclosure, or distribution of this
>communication is strictly prohibited. If you are not the intended
>recipient, please contact the sender by reply email and permanently
>delete and destroy the original message.
>
>
>To unsubscribe, send an email message to LISTSERV@... with
>SIGNOFF OVAL-DISCUSSION-LIST
>in the BODY of the message.  If you have difficulties, write to OVAL-
>DISCUSSION-LIST-request@....

Ken Lassesen-3
Re: New OVAL definition: WMI OS's
No problem, should have a proper submission by EOD

Ken Lassesen,
Home/Office: 360-724-3190 Fax: 952-516-5077
Cell: 360-509-2402  Skype: Ken.Lassesen
IM: Ken@...  http://www.linkedin.com/in/lassesen 
CONFIDENTIALITY NOTICE
The information contained in this electronic message may contain confidential and privileged information and is intended only for use by the individual(s) or entity(ies) to whom it was addressed. Any unauthorized review, use, disclosure, or distribution of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and permanently delete and destroy the original message.


-----Original Message-----
From: Worrell, Bryan A. [mailto:bworrell@...]
Sent: Thursday, June 05, 2008 12:15 PM
To: OVAL-DISCUSSION-LIST@...
Subject: Re: [OVAL-DISCUSSION-LIST] New OVAL definition: WMI OS's

Ken,

Thank you for your submission to the OVAL Repository.  While reviewing
your document I came across a few things that need revising.  One
problem I encountered was the id you assigned to the new definition
contained a MITRE namespace (oval:org.mitre.oval:def:9999999) instead
of the Lumension namespace.  Also, the file does not validate as it
does not contain the definitions that the <extend_definition> elements
point to.  Unfortunately, the process we have in place for importing
data requires that the document being processed is a valid OVAL
document in terms of the OVAL schema.  We are actively attempting to
streamline this process so that a submission such as this one which
contains only <extend_definition> which point to existing data can be
processed without the actual definitions being present.

Thank you,
Bryan Worrell

__
Bryan Worrell    
The MITRE Corporation
bworrell@...




>-----Original Message-----
>From: Ken Lassesen [mailto:ken.lassesen@...]
>Sent: Thursday, June 05, 2008 2:23 PM
>To: oval-discussion-list OVAL Discussion List/Closed Public Discussi
>Subject: [OVAL-DISCUSSION-LIST] New OVAL definition: WMI OS's
>
>This is a definition which will typically be used as an extended
>definition. It uses existing definitions with one exception, there is
no

>definition for Windows NT 4 so it references an existing test.
>
>
>Ken Lassesen,
>Home/Office: 360-724-3190 Fax: 952-516-5077
>Cell: 360-509-2402  Skype: Ken.Lassesen
>IM: Ken@...  http://www.linkedin.com/in/lassesen
>CONFIDENTIALITY NOTICE
>The information contained in this electronic message may contain
>confidential and privileged information and is intended only for use
by

>the individual(s) or entity(ies) to whom it was addressed. Any
>unauthorized review, use, disclosure, or distribution of this
>communication is strictly prohibited. If you are not the intended
>recipient, please contact the sender by reply email and permanently
>delete and destroy the original message.
>
>
>To unsubscribe, send an email message to LISTSERV@... with
>SIGNOFF OVAL-DISCUSSION-LIST
>in the BODY of the message.  If you have difficulties, write to OVAL-
>DISCUSSION-LIST-request@....

Ken Lassesen-3
Re: New OVAL definition: WMI OS's
In reply to this post by Worrell, Bryan A.
Here it is with all of the missing content.

Ken Lassesen,
Home/Office: 360-724-3190 Fax: 952-516-5077
Cell: 360-509-2402  Skype: Ken.Lassesen
IM: Ken@...  http://www.linkedin.com/in/lassesen 
CONFIDENTIALITY NOTICE
The information contained in this electronic message may contain confidential and privileged information and is intended only for use by the individual(s) or entity(ies) to whom it was addressed. Any unauthorized review, use, disclosure, or distribution of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and permanently delete and destroy the original message.


-----Original Message-----
From: Worrell, Bryan A. [mailto:bworrell@...]
Sent: Thursday, June 05, 2008 12:15 PM
To: OVAL-DISCUSSION-LIST@...
Subject: Re: [OVAL-DISCUSSION-LIST] New OVAL definition: WMI OS's

Ken,

Thank you for your submission to the OVAL Repository.  While reviewing
your document I came across a few things that need revising.  One
problem I encountered was the id you assigned to the new definition
contained a MITRE namespace (oval:org.mitre.oval:def:9999999) instead
of the Lumension namespace.  Also, the file does not validate as it
does not contain the definitions that the <extend_definition> elements
point to.  Unfortunately, the process we have in place for importing
data requires that the document being processed is a valid OVAL
document in terms of the OVAL schema.  We are actively attempting to
streamline this process so that a submission such as this one, which
contains only <extend_definition> elements that point to existing data,
can be processed without the actual definitions being present.

Thank you,
Bryan Worrell

__
Bryan Worrell    
The MITRE Corporation
bworrell@...




>-----Original Message-----
>From: Ken Lassesen [mailto:ken.lassesen@...]
>Sent: Thursday, June 05, 2008 2:23 PM
>To: oval-discussion-list OVAL Discussion List/Closed Public Discussi
>Subject: [OVAL-DISCUSSION-LIST] New OVAL definition: WMI OS's
>
>This is a definition which will typically be used as an extended
>definition. It uses existing definitions with one exception, there is no
>definition for Windows NT 4 so it references an existing test.
>
>
>Ken Lassesen,
>Home/Office: 360-724-3190 Fax: 952-516-5077
>Cell: 360-509-2402  Skype: Ken.Lassesen
>IM: Ken@...  http://www.linkedin.com/in/lassesen
>CONFIDENTIALITY NOTICE
>The information contained in this electronic message may contain
>confidential and privileged information and is intended only for use by
>the individual(s) or entity(ies) to whom it was addressed. Any
>unauthorized review, use, disclosure, or distribution of this
>communication is strictly prohibited. If you are not the intended
>recipient, please contact the sender by reply email and permanently
>delete and destroy the original message.
>
>
>To unsubscribe, send an email message to LISTSERV@... with
>SIGNOFF OVAL-DISCUSSION-LIST
>in the BODY of the message.  If you have difficulties, write to OVAL-
>DISCUSSION-LIST-request@....

<?xml version="1.0" encoding="UTF-8"?>
<oval_definitions xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows windows-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:win="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <!-- Document provenance: the producing product, the OVAL schema version the
       content is written against (5.4) and the time the document was generated. -->
  <generator>
    <oval:product_name>Lumension WSUS Repository</oval:product_name>
    <oval:schema_version>5.4</oval:schema_version>
    <oval:timestamp>2008-05-22T09:06:02.346-04:00</oval:timestamp>
  </generator>
  <definitions>
    <definition id="oval:com.lumension.wmi:def:1" version="0" class="inventory">
      <metadata>
        <title>Checks that this OS Supports WMI in general</title>
        <affected family="windows">
          <platform>Microsoft Windows NT 4 SP4</platform>
          <platform>Microsoft Windows 2000</platform>
          <platform>Microsoft Windows XP</platform>
          <platform>Microsoft Windows Server 2003</platform>
          <platform>Microsoft Windows Server 2008</platform>
          <platform>Microsoft Windows Vista</platform>
        </affected>
        <reference source="CPE" ref_id="cpe:/a:microsoft:wmi" />
        <description> Test if this OS should support WMI service. Note: different Objects are supported on different OS. This is a generic test for the API.</description>
      </metadata>
      <criteria operator="OR">
        <criterion test_ref="oval:org.mitre.oval:tst:3089" negate="false" comment="NT 4 Is installed" />
        <extend_definition comment="Microsoft Windows Server 2008 (32-bit) is installed" definition_ref="oval:org.mitre.oval:def:4870" />
        <extend_definition definition_ref="oval:org.mitre.oval:def:4870" negate="false" comment="Windows Server 2008 x32" />
        <extend_definition definition_ref="oval:org.mitre.oval:def:5356" negate="false" comment="Windows Server 2008 x64" />
        <extend_definition definition_ref="oval:org.mitre.oval:def:105" negate="false" comment="Windows XP" />
        <extend_definition definition_ref="oval:org.mitre.oval:def:228" negate="false" comment="Windows Vista" />
        <extend_definition definition_ref="oval:org.mitre.oval:def:128" negate="false" comment="Windows Server 2003" />
        <extend_definition definition_ref="oval:org.mitre.oval:def:229" negate="false" comment="Windows 2000 SP4 or later Is installed" />
      </criteria>
    </definition>
    <!--
      Inventory definition for 32-bit Windows Server 2008, carried under the
      org.mitre.oval namespace with repository status ACCEPTED. Presumably
      included so that the extend_definition reference to def:4870 resolves when
      the document is validated.

      <criteria> has no operator attribute, so the OVAL default (AND) applies:
      all three criteria must hold. The 32-bit condition is not tested directly;
      it is inferred from the x64 test NOT matching (negate="true").
    -->
    <definition id="oval:org.mitre.oval:def:4870" version="1" class="inventory">
      <metadata>
        <title>Microsoft Windows Server 2008 (32-bit) is installed</title>
        <affected family="windows">
          <platform>Microsoft Windows Server 2008</platform>
        </affected>
        <reference source="CPE" ref_id="cpe:/o:microsoft:windows_2008:::x86" />
        <description>The operating system installed on the system is Microsoft Windows Server 2008 (32-bit)</description>
        <oval_repository>
          <dates>
            <submitted date="2008-03-26T10:44:02">
              <contributor organization="Secure Elements, Inc.">Sudhir Gandhe</contributor>
            </submitted>
            <status_change date="2008-03-26T16:27:25.280-04:00">DRAFT</status_change>
            <modified comment="Changed the CPE reference" date="2008-04-04T11:17:00.555-04:00">
              <contributor organization="The MITRE Corporation">Andrew Buttner</contributor>
            </modified>
            <status_change date="2008-04-21T04:00:20.181-04:00">INTERIM</status_change>
            <status_change date="2008-05-12T04:00:10.618-04:00">ACCEPTED</status_change>
          </dates>
          <status>ACCEPTED</status>
        </oval_repository>
      </metadata>
      <criteria>
        <criterion comment="the installed operating system is part of the Microsoft Windows family" test_ref="oval:org.mitre.oval:tst:99" />
        <criterion comment="Windows Server 2008 is installed" test_ref="oval:org.mitre.oval:tst:7697" />
        <!-- Negated: this criterion holds only when the x64 test does not match. -->
        <criterion negate="true" comment="a version of Windows for the x64 architecture is installed" test_ref="oval:org.mitre.oval:tst:3653" />
      </criteria>
    </definition>
    <!--
      Inventory definition for Windows Server 2008 x64 Edition, carried under the
      org.mitre.oval namespace with repository status ACCEPTED.

      <criteria> has no operator attribute, so the OVAL default (AND) applies:
      Windows family, Server 2008 and the x64 architecture test must all match.
      The same three tests are used by def:4870, which negates the x64 one.

      NOTE(review): the CPE name below carries "sp1" in its update field, while
      the criteria reference no service pack test and the 32-bit counterpart
      (def:4870) leaves that field empty. Confirm which is intended.
    -->
    <definition id="oval:org.mitre.oval:def:5356" version="1" class="inventory">
      <metadata>
        <title>Microsoft Windows Server 2008 x64 Edition is installed</title>
        <affected family="windows">
          <platform>Microsoft Windows Server 2008</platform>
        </affected>
        <reference source="CPE" ref_id="cpe:/o:microsoft:windows_2008::sp1:x64" />
        <description>The operating system installed on the system is Microsoft Windows Server 2008 x64 Edition</description>
        <oval_repository>
          <dates>
            <submitted date="2008-03-26T10:44:02">
              <contributor organization="Secure Elements, Inc.">Sudhir Gandhe</contributor>
            </submitted>
            <status_change date="2008-03-26T16:27:25.493-04:00">DRAFT</status_change>
            <modified comment="Changed the CPE reference" date="2008-04-04T11:17:00.340-04:00">
              <contributor organization="The MITRE Corporation">Andrew Buttner</contributor>
            </modified>
            <status_change date="2008-04-21T04:00:21.761-04:00">INTERIM</status_change>
            <status_change date="2008-05-12T04:00:15.160-04:00">ACCEPTED</status_change>
          </dates>
          <status>ACCEPTED</status>
        </oval_repository>
      </metadata>
      <criteria>
        <criterion comment="the installed operating system is part of the Microsoft Windows family" test_ref="oval:org.mitre.oval:tst:99" />
        <criterion comment="Windows Server 2008 is installed" test_ref="oval:org.mitre.oval:tst:7697" />
        <criterion comment="a version of Windows for the x64 architecture is installed" test_ref="oval:org.mitre.oval:tst:3653" />
      </criteria>
    </definition>
    <!--
      Inventory definition for Microsoft Windows XP, carried under the
      org.mitre.oval namespace with repository status ACCEPTED (version 3).

      Both criteria must hold (operator="AND"): the Windows family test and the
      Windows XP test. No architecture or service pack criterion is present, so
      any XP system matching those two tests evaluates true.
    -->
    <definition id="oval:org.mitre.oval:def:105" version="3" class="inventory">
      <metadata>
        <title>Microsoft Windows XP is installed</title>
        <affected family="windows">
          <platform>Microsoft Windows XP</platform>
        </affected>
        <reference source="CPE" ref_id="cpe:/o:microsoft:windows_xp" />
        <description>The operating system installed on the system is Microsoft Windows XP.</description>
        <oval_repository>
          <dates>
            <submitted date="2006-06-26T12:55:00.000-04:00">
              <contributor organization="The MITRE Corporation">Andrew Buttner</contributor>
            </submitted>
            <status_change date="2006-06-26T12:55:00.000-04:00">ACCEPTED</status_change>
            <modified comment="Added CPE reference." date="2007-04-30T07:48:00.244-04:00">
              <contributor organization="The MITRE Corporation">Jonathan Baker</contributor>
            </modified>
            <status_change date="2007-04-30T08:01:55.267-04:00">INTERIM</status_change>
            <status_change date="2007-05-23T15:05:25.969-04:00">ACCEPTED</status_change>
            <modified comment="Changed the CPE reference" date="2008-04-04T11:17:00.073-04:00">
              <contributor organization="The MITRE Corporation">Andrew Buttner</contributor>
            </modified>
            <status_change date="2008-04-04T11:27:52.098-04:00">INTERIM</status_change>
            <status_change date="2008-04-21T04:00:10.499-04:00">ACCEPTED</status_change>
          </dates>
          <status>ACCEPTED</status>
        </oval_repository>
      </metadata>
      <criteria operator="AND">
        <criterion comment="the installed operating system is part of the Microsoft Windows family" test_ref="oval:org.mitre.oval:tst:99" />
        <criterion comment="a version of Microsoft Windows XP is installed" test_ref="oval:org.mitre.oval:tst:3" />
      </criteria>
    </definition>
    <!--
      Inventory definition for Microsoft Windows Vista, carried under the
      org.mitre.oval namespace with repository status ACCEPTED (version 3).

      <criteria> has no operator attribute, so the OVAL default (AND) applies:
      the Windows family test and the Vista test must both match. The revision
      history records that the Vista test was changed because it conflicted with
      Server 2008, so the result depends on tst:7914 telling the two apart.
    -->
    <definition id="oval:org.mitre.oval:def:228" version="3" class="inventory">
      <metadata>
        <title>Microsoft Windows Vista is installed</title>
        <affected family="windows">
          <platform>Microsoft Windows Vista</platform>
        </affected>
        <reference source="CPE" ref_id="cpe:/o:microsoft:windows_vista" />
        <description>The operating system installed on the system is Microsoft Windows Vista</description>
        <oval_repository>
          <dates>
            <submitted date="2007-02-13T12:46:06">
              <contributor organization="Secure Elements, Inc.">Dragos Prisaca</contributor>
            </submitted>
            <status_change date="2007-02-13T14:53:06-04:00">DRAFT</status_change>
            <status_change date="2007-03-21T16:17:12.775-04:00">INTERIM</status_change>
            <status_change date="2007-04-13T15:13:39.760-04:00">ACCEPTED</status_change>
            <modified comment="Added CPE reference." date="2007-04-30T07:48:00.893-04:00">
              <contributor organization="The MITRE Corporation">Jonathan Baker</contributor>
            </modified>
            <status_change date="2007-04-30T07:56:25.929-04:00">INTERIM</status_change>
            <status_change date="2007-05-23T15:05:40.286-04:00">ACCEPTED</status_change>
            <modified comment="Vista test updated because of the conflictions with Server 2008" date="2008-03-26T10:51:02.210-04:00">
              <contributor organization="Secure Elements, Inc.">Sudhir Gandhe</contributor>
            </modified>
            <status_change date="2008-03-31T04:00:22.690-04:00">INTERIM</status_change>
            <modified comment="Changed the CPE reference" date="2008-04-04T11:17:00.315-04:00">
              <contributor organization="The MITRE Corporation">Andrew Buttner</contributor>
            </modified>
            <status_change date="2008-04-21T04:00:18.129-04:00">ACCEPTED</status_change>
          </dates>
          <status>ACCEPTED</status>
        </oval_repository>
      </metadata>
      <criteria>
        <criterion comment="the installed operating system is part of the Microsoft Windows family" test_ref="oval:org.mitre.oval:tst:99" />
        <criterion comment="Windows Vista is installed" test_ref="oval:org.mitre.oval:tst:7914" />
      </criteria>
    </definition>
    <!--
      Inventory definition for Microsoft Windows Server 2003, carried under the
      org.mitre.oval namespace with repository status ACCEPTED (version 3).

      Both criteria must hold (operator="AND"): the Windows family test and the
      Server 2003 test. No architecture or service pack criterion is present.
    -->
    <definition id="oval:org.mitre.oval:def:128" version="3" class="inventory">
      <metadata>
        <title>Microsoft Windows Server 2003 is installed</title>
        <affected family="windows">
          <platform>Microsoft Windows Server 2003</platform>
        </affected>
        <reference source="CPE" ref_id="cpe:/o:microsoft:windows_2003" />
        <description>The operating system installed on the system is Microsoft Windows Server 2003.</description>
        <oval_repository>
          <dates>
            <submitted date="2006-06-26T12:55:00.000-04:00">
              <contributor organization="The MITRE Corporation">Andrew Buttner</contributor>
            </submitted>
            <status_change date="2006-06-26T12:55:00.000-04:00">ACCEPTED</status_change>
            <modified comment="Added CPE reference." date="2007-04-30T07:48:00.775-04:00">
              <contributor organization="The MITRE Corporation">Jonathan Baker</contributor>
            </modified>
            <status_change date="2007-04-30T08:05:37.807-04:00">INTERIM</status_change>
            <status_change date="2007-05-23T15:05:26.547-04:00">ACCEPTED</status_change>
            <modified comment="Changed the CPE reference" date="2008-04-04T11:17:00.348-04:00">
              <contributor organization="The MITRE Corporation">Andrew Buttner</contributor>
            </modified>
            <status_change date="2008-04-04T11:26:22.372-04:00">INTERIM</status_change>
            <status_change date="2008-04-21T04:00:11.254-04:00">ACCEPTED</status_change>
          </dates>
          <status>ACCEPTED</status>
        </oval_repository>
      </metadata>
      <criteria operator="AND">
        <criterion comment="the installed operating system is part of the Microsoft Windows family" test_ref="oval:org.mitre.oval:tst:99" />
        <criterion comment="a version of Microsoft Windows Server 2003 is installed" test_ref="oval:org.mitre.oval:tst:4" />
      </criteria>
    </definition>
    <!--
      Inventory definition for Microsoft Windows 2000 at SP4 or later, carried
      under the org.mitre.oval namespace with repository status ACCEPTED
      (version 2).

      All three criteria must hold (operator="AND"): Windows family, Windows
      2000 and the service pack test. A Windows 2000 host below SP4 therefore
      evaluates false here, and in any definition that extends this one.

      NOTE(review): the revision history records "Added CPE reference.", yet this
      copy contains no <reference> element. The description also says "SP4" where
      the title and the criterion comment say "SP4 or later". Confirm against the
      repository copy.
    -->
    <definition id="oval:org.mitre.oval:def:229" version="2" class="inventory">
      <metadata>
        <title>Microsoft Windows 2000 SP4 or later is installed</title>
        <affected family="windows">
          <platform>Microsoft Windows 2000</platform>
        </affected>
        <description>The operating system installed on the system is Microsoft Windows 2000 SP4.</description>
        <oval_repository>
          <dates>
            <submitted date="2006-07-25T12:05:33">
              <contributor organization="ThreatGuard, Inc.">Robert L. Hollis</contributor>
            </submitted>
            <status_change date="2006-07-27T20:15:00.000-04:00">DRAFT</status_change>
            <status_change date="2006-09-27T12:29:16.978-04:00">INTERIM</status_change>
            <status_change date="2006-10-16T15:58:35.885-04:00">ACCEPTED</status_change>
            <modified comment="Added CPE reference." date="2007-04-30T07:48:00.915-04:00">
              <contributor organization="The MITRE Corporation">Jonathan Baker</contributor>
            </modified>
            <status_change date="2007-04-30T08:11:20.008-04:00">INTERIM</status_change>
            <status_change date="2007-05-23T15:05:40.599-04:00">ACCEPTED</status_change>
          </dates>
          <status>ACCEPTED</status>
        </oval_repository>
      </metadata>
      <criteria operator="AND">
        <criterion comment="the installed operating system is part of the Microsoft Windows family" test_ref="oval:org.mitre.oval:tst:99" />
        <criterion comment="Windows 2000 is installed" test_ref="oval:org.mitre.oval:tst:2" />
        <criterion comment="SP4 or later Installed" test_ref="oval:org.mitre.oval:tst:3073" />
      </criteria>
    </definition>
  </definitions>
  <tests>
    <registry_test id="oval:org.mitre.oval:tst:3089" version="2" comment="Windows NT 4.0 is installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <