New aix ovals
|
|
Wood, Michael
|
Here is a new bulk file for AIX 5.3 that includes these new OVALs
oval:com.hp.oval:def:20080624001 - CVE-2008-0588 oval:com.hp.oval:def:20080624002 - CVE-2008-0587 oval:com.hp.oval:def:20080624003 - CVE-2008-0586 oval:com.hp.oval:def:20080624004 - CVE-2008-0584 oval:com.hp.oval:def:20080624005 - CVE-2007-5764 oval:com.hp:oval:def:20080624006 - CVE-2007-4513 Thanks, --Michael Wood To unsubscribe, send an email message to LISTSERV@... with SIGNOFF OVAL-DISCUSSION-LIST in the BODY of the message. If you have difficulties, write to OVAL-DISCUSSION-LIST-request@.... <?xml version="1.0" encoding="UTF-8"?> <oval_definitions xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#aix aix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5"> <generator> <oval:product_name>The OVAL Repository</oval:product_name> <oval:schema_version>5.4</oval:schema_version> <oval:timestamp>2008-06-24T09:07:01.336-04:00</oval:timestamp> </generator> <definitions> <definition id="oval:org.mitre.oval:def:5321" version="1" class="vulnerability"> <metadata> <title>IBM AIX Multiple Privilege Escalation and Security Bypass Vulnerabilities</title> <affected family="unix"> <platform>IBM AIX 5.2</platform> <platform>IBM AIX 5.3</platform> </affected> <reference source="CVE" ref_id="CVE-2008-1595" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1595"/> <description>The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information.</description> <oval_repository> <dates> <submitted date="2008-04-18T15:10:44.000-05:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </submitted> <status_change date="2008-04-30T12:21:08.997-04:00">DRAFT</status_change> <status_change date="2008-05-19T04:00:12.079-04:00">INTERIM</status_change> <status_change date="2008-06-09T04:00:10.226-04:00">ACCEPTED</status_change> <modified comment="Modified the tests to apply to specific versions of AIX" date="2008-06-20T15:20:00.858-04:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </modified> <status_change date="2008-06-20T15:38:08.873-04:00">INTERIM</status_change> </dates> <status>INTERIM</status> </oval_repository> </metadata> <criteria operator="OR" comment="Software Section"> <criteria operator="AND" comment="IBM AIX 5200-10 meets CVE-2008-1595"> <extend_definition comment="IBM AIX 5200-10 is installed" definition_ref="oval:org.mitre.oval:def:5076"/> <criterion negate="true" comment="All filesets for APAR IZ06022 are installed" test_ref="oval:org.mitre.oval:tst:7136"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-06 meets CVE-2008-1595"> <extend_definition comment="IBM AIX 5300-06 is installed" definition_ref="oval:org.mitre.oval:def:4813"/> <criterion negate="true" comment="All filesets for APAR IZ06663 are installed" test_ref="oval:org.mitre.oval:tst:7896"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-07 meets CVE-2008-1595"> <extend_definition comment="IBM AIX 5300-07 is installed" definition_ref="oval:org.mitre.oval:def:5707"/> <criterion negate="true" comment="All filesets for APAR IZ06505 are installed" test_ref="oval:org.mitre.oval:tst:7599"/> </criteria> </criteria> </definition> <definition id="oval:org.mitre.oval:def:4595" version="1" class="vulnerability"> <metadata> <title>IBM AIX Kernel Bugs Let Local Users Execute Arbitrary Code, Access Data, and Deny Service</title> <affected family="unix"> <platform>IBM AIX 5.2</platform> <platform>IBM AIX 5.3</platform> <platform>IBM AIX 6.1</platform> </affected> <reference source="CVE" ref_id="CVE-2008-1593" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1593"/> <description>The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function.</description> <oval_repository> <dates> <submitted date="2008-04-18T15:10:44.000-05:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </submitted> <status_change date="2008-04-30T12:20:44.454-04:00">DRAFT</status_change> <status_change date="2008-05-19T04:00:07.571-04:00">INTERIM</status_change> <status_change date="2008-06-09T04:00:07.560-04:00">ACCEPTED</status_change> <modified comment="Modified the tests to apply to specific versions of AIX and added in IBM AIX 6.1 support" date="2008-06-20T15:20:00.912-04:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </modified> <status_change date="2008-06-20T15:37:08.931-04:00">INTERIM</status_change> </dates> <status>INTERIM</status> </oval_repository> </metadata> <criteria operator="OR" comment="Software Section"> <criteria operator="AND" comment="IBM AIX 5200-10 meets CVE-2008-1593"> <extend_definition comment="IBM AIX 5200-10 is installed" definition_ref="oval:org.mitre.oval:def:5076"/> <criterion negate="true" comment="All filesets for APAR IZ16992 are installed" test_ref="oval:org.mitre.oval:tst:7955"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-06 meets CVE-2008-1593"> <extend_definition comment="IBM AIX 5300-06 is installed" definition_ref="oval:org.mitre.oval:def:4813"/> <criterion negate="true" comment="All filesets for APAR IZ17111 are installed" test_ref="oval:org.mitre.oval:tst:7870"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-07 meets CVE-2008-1593"> <extend_definition comment="IBM AIX 5300-07 is installed" definition_ref="oval:org.mitre.oval:def:5707"/> <criterion negate="true" comment="All filesets for APAR IZ11820 are installed" test_ref="oval:org.mitre.oval:tst:7628"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-08 meets CVE-2008-1593"> <extend_definition comment="IBM AIX 5300-08 is installed" definition_ref="oval:org.mitre.oval:def:5293"/> <criterion negate="true" comment="All filesets for APAR IZ10749 are installed" test_ref="oval:org.mitre.oval:tst:8132"/> </criteria> <criteria operator="AND" comment="IBM AIX 6100-00 meets CVE-2008-1593"> <extend_definition comment="IBM AIX 6100-00 is installed" definition_ref="oval:org.mitre.oval:def:5589"/> <criterion negate="true" comment="All filesets for APAR IZ12794 are installed" test_ref="oval:org.mitre.oval:tst:8165"/> </criteria> </criteria> </definition> <definition id="oval:com.hp.oval:def:20080624001" version="0" class="vulnerability"> <metadata> <title>AIX utape buffer overflow</title> <affected family="unix"> <platform>IBM AIX 5.2</platform> <platform>IBM AIX 5.3</platform> <platform>IBM AIX 6.1</platform> </affected> <reference source="CVE" ref_id="CVE-2008-0588" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0588"/> <description>Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.</description> <oval_repository> <dates> <submitted date="2008-04-18T15:10:44.000-05:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </submitted> <status_change date="2008-04-30T12:20:44.454-04:00">DRAFT</status_change> <status_change date="2008-05-19T04:00:07.571-04:00">INTERIM</status_change> <status_change date="2008-06-09T04:00:07.560-04:00">ACCEPTED</status_change> <status_change date="2008-06-20T15:37:08.931-04:00">INTERIM</status_change> </dates> <status>INTERIM</status> </oval_repository> </metadata> <criteria operator="OR" comment="Software Section"> <criteria operator="AND" comment="IBM AIX 5200-10 meets CVE-2008-0588"> <extend_definition comment="IBM AIX 5200-10 is installed" definition_ref="oval:org.mitre.oval:def:5076"/> <criterion negate="true" comment="All filesets for APAR IZ06260 are installed" test_ref="oval:com.hp.oval:tst:20080624001"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-06 meets CVE-2008-0588"> <extend_definition comment="IBM AIX 5300-06 is installed" definition_ref="oval:org.mitre.oval:def:4813"/> <criterion negate="true" comment="All filesets for APAR IZ06620 are installed" test_ref="oval:com.hp.oval:tst:20080624002"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-07 meets CVE-2008-0588"> <extend_definition comment="IBM AIX 5300-07 is installed" definition_ref="oval:org.mitre.oval:def:5707"/> <criterion negate="true" comment="All filesets for APAR IZ06488 are installed" test_ref="oval:com.hp.oval:tst:20080624003"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-08 meets CVE-2008-0588"> <extend_definition comment="IBM AIX 5300-08 is installed" definition_ref="oval:org.mitre.oval:def:5293"/> <criterion negate="true" comment="All filesets for APAR IZ07041 are installed" test_ref="oval:com.hp.oval:tst:20080624004"/> </criteria> <criteria operator="AND" comment="IBM AIX 6100-00 meets CVE-2008-0588"> <extend_definition comment="IBM AIX 6100-00 is installed" definition_ref="oval:org.mitre.oval:def:5589"/> <criterion negate="true" comment="All filesets for APAR IZ06315 are installed" test_ref="oval:com.hp.oval:tst:20080624005"/> </criteria> </criteria> </definition> <definition id="oval:com.hp.oval:def:20080624002" version="0" class="vulnerability"> <metadata> <title>AIX uspchrp buffer overflow</title> <affected family="unix"> <platform>IBM AIX 5.2</platform> <platform>IBM AIX 5.3</platform> <platform>IBM AIX 6.1</platform> </affected> <reference source="CVE" ref_id="CVE-2008-0587" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0587"/> <description>Buffer overflow in the uspchrp program in devices.chrp.base.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.</description> <oval_repository> <dates> <submitted date="2008-04-18T15:10:44.000-05:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </submitted> <status_change date="2008-04-30T12:20:44.454-04:00">DRAFT</status_change> <status_change date="2008-05-19T04:00:07.571-04:00">INTERIM</status_change> <status_change date="2008-06-09T04:00:07.560-04:00">ACCEPTED</status_change> <status_change date="2008-06-20T15:37:08.931-04:00">INTERIM</status_change> </dates> <status>INTERIM</status> </oval_repository> </metadata> <criteria operator="OR" comment="Software Section"> <criteria operator="AND" comment="IBM AIX 5200-10 meets CVE-2008-0587"> <extend_definition comment="IBM AIX 5200-10 is installed" definition_ref="oval:org.mitre.oval:def:5076"/> <criterion negate="true" comment="All filesets for APAR IZ06261 are installed" test_ref="oval:com.hp.oval:tst:20080624006"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-06 meets CVE-2008-0587"> <extend_definition comment="IBM AIX 5300-06 is installed" definition_ref="oval:org.mitre.oval:def:4813"/> <criterion negate="true" comment="All filesets for APAR IZ06621 are installed" test_ref="oval:com.hp.oval:tst:20080624007"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-07 meets CVE-2008-0587"> <extend_definition comment="IBM AIX 5300-07 is installed" definition_ref="oval:org.mitre.oval:def:5707"/> <criterion negate="true" comment="All filesets for APAR IZ06489 are installed" test_ref="oval:com.hp.oval:tst:20080624008"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-08 meets CVE-2008-0587"> <extend_definition comment="IBM AIX 5300-08 is installed" definition_ref="oval:org.mitre.oval:def:5293"/> <criterion negate="true" comment="All filesets for APAR IZ07042 are installed" test_ref="oval:com.hp.oval:tst:20080624009"/> </criteria> <criteria operator="AND" comment="IBM AIX 6100-00 meets CVE-2008-0587"> <extend_definition comment="IBM AIX 6100-00 is installed" definition_ref="oval:org.mitre.oval:def:5589"/> <criterion negate="true" comment="All filesets for APAR IZ06317 are installed" test_ref="oval:com.hp.oval:tst:20080624010"/> </criteria> </criteria> </definition> <definition id="oval:com.hp.oval:def:20080624003" version="0" class="vulnerability"> <metadata> <title>AIX Logical Volume Manager buffer overflow</title> <affected family="unix"> <platform>IBM AIX 5.2</platform> <platform>IBM AIX 5.3</platform> </affected> <reference source="CVE" ref_id="CVE-2008-0586" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0586"/> <description>Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) lchangevg, (2) ldeletepv, (3) putlvodm, (4) lvaryoffvg, and (5) lvgenminor programs in bos.rte.lvm; and the (6) tellclvmd program in bos.clvm.enh.</description> <oval_repository> <dates> <submitted date="2008-04-18T15:10:44.000-05:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </submitted> <status_change date="2008-04-30T12:20:44.454-04:00">DRAFT</status_change> <status_change date="2008-05-19T04:00:07.571-04:00">INTERIM</status_change> <status_change date="2008-06-09T04:00:07.560-04:00">ACCEPTED</status_change> <status_change date="2008-06-20T15:37:08.931-04:00">INTERIM</status_change> </dates> <status>INTERIM</status> </oval_repository> </metadata> <criteria operator="OR" comment="Software Section"> <criteria operator="AND" comment="IBM AIX 5.2 meets CVE-2008-0586"> <extend_definition comment="IBM AIX 5.2 is installed" definition_ref="oval:org.mitre.oval:def:5189"/> <criteria operator="OR"> <criterion negate="true" comment="All filesets for APAR IZ10828 are installed" test_ref="oval:com.hp.oval:tst:20080624011"/> <criterion negate="true" comment="All filesets for APAR IZ00559 are installed" test_ref="oval:com.hp.oval:tst:20080624012"/> </criteria> </criteria> <criteria operator="AND" comment="IBM AIX 5300-06 meets CVE-2008-0586"> <extend_definition comment="IBM AIX 5300-06 is installed" definition_ref="oval:org.mitre.oval:def:4813"/> <criteria operator="OR"> <criterion negate="true" comment="All filesets for APAR IY99537 are installed" test_ref="oval:com.hp.oval:tst:20080624013"/> <criterion negate="true" comment="All filesets for APAR IY98340 are installed" test_ref="oval:com.hp.oval:tst:20080624014"/> <criterion negate="true" comment="All filesets for APAR IY98331 are installed" test_ref="oval:com.hp.oval:tst:20080624015"/> </criteria> </criteria> <criteria operator="AND" comment="IBM AIX 5300-07 meets CVE-2008-0586"> <extend_definition comment="IBM AIX 5300-07 is installed" definition_ref="oval:org.mitre.oval:def:5707"/> <criteria operator="OR"> <criterion negate="true" comment="All filesets for APAR IY99517 are installed" test_ref="oval:com.hp.oval:tst:20080624016"/> <criterion negate="true" comment="All filesets for APAR IY98540 are installed" test_ref="oval:com.hp.oval:tst:20080624017"/> <criterion negate="true" comment="All filesets for APAR IY98488 are installed" test_ref="oval:com.hp.oval:tst:20080624018"/> </criteria> </criteria> </criteria> </definition> <definition id="oval:com.hp.oval:def:20080624004" version="0" class="vulnerability"> <metadata> <title>AIX swap commands buffer overflow</title> <affected family="unix"> <platform>IBM AIX 5.2</platform> <platform>IBM AIX 5.3</platform> </affected> <reference source="CVE" ref_id="CVE-2008-0584" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0584"/> <description>Multiple buffer overflows in bos.rte.control in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) swap, (2) swapoff, and (3) swapon programs.</description> <oval_repository> <dates> <submitted date="2008-04-18T15:10:44.000-05:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </submitted> <status_change date="2008-04-30T12:20:44.454-04:00">DRAFT</status_change> <status_change date="2008-05-19T04:00:07.571-04:00">INTERIM</status_change> <status_change date="2008-06-09T04:00:07.560-04:00">ACCEPTED</status_change> <status_change date="2008-06-20T15:37:08.931-04:00">INTERIM</status_change> </dates> <status>INTERIM</status> </oval_repository> </metadata> <criteria operator="OR" comment="Software Section"> <criteria operator="AND" comment="IBM AIX 5200-10 meets CVE-2008-0584"> <extend_definition comment="IBM AIX 5200-10 is installed" definition_ref="oval:org.mitre.oval:def:5076"/> <criterion negate="true" comment="All filesets for APAR IY96905 are installed" test_ref="oval:com.hp.oval:tst:20080624019"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-06 meets CVE-2008-0584"> <extend_definition comment="IBM AIX 5300-06 is installed" definition_ref="oval:org.mitre.oval:def:4813"/> <criterion negate="true" comment="All filesets for APAR IY96101 are installed" test_ref="oval:com.hp.oval:tst:20080624020"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-07 meets CVE-2008-0584"> <extend_definition comment="IBM AIX 5300-07 is installed" definition_ref="oval:org.mitre.oval:def:5707"/> <criterion negate="true" comment="All filesets for APAR IY95874 are installed" test_ref="oval:com.hp.oval:tst:20080624021"/> </criteria> </criteria> </definition> <definition id="oval:com.hp.oval:def:20080624005" version="0" class="vulnerability"> <metadata> <title>AIX pioout buffer overflow</title> <affected family="unix"> <platform>IBM AIX 5.2</platform> <platform>IBM AIX 5.3</platform> <platform>IBM AIX 6.1</platform> </affected> <reference source="CVE" ref_id="CVE-2007-5764" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5764"/> <description>Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long command line option.</description> <oval_repository> <dates> <submitted date="2008-04-18T15:10:44.000-05:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </submitted> <status_change date="2008-04-30T12:20:44.454-04:00">DRAFT</status_change> <status_change date="2008-05-19T04:00:07.571-04:00">INTERIM</status_change> <status_change date="2008-06-09T04:00:07.560-04:00">ACCEPTED</status_change> <status_change date="2008-06-20T15:37:08.931-04:00">INTERIM</status_change> </dates> <status>INTERIM</status> </oval_repository> </metadata> <criteria operator="OR" comment="Software Section"> <criteria operator="AND" comment="IBM AIX 5200-10 meets CVE-2007-5764"> <extend_definition comment="IBM AIX 5200-10 is installed" definition_ref="oval:org.mitre.oval:def:5076"/> <criterion negate="true" comment="All filesets for APAR IZ10840 are installed" test_ref="oval:com.hp.oval:tst:20080624022"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-06 meets CVE-2007-5764"> <extend_definition comment="IBM AIX 5300-06 is installed" definition_ref="oval:org.mitre.oval:def:4813"/> <criterion negate="true" comment="All filesets for APAR IZ10841 are installed" test_ref="oval:com.hp.oval:tst:20080624023"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-07 meets CVE-2007-5764"> <extend_definition comment="IBM AIX 5300-07 is installed" definition_ref="oval:org.mitre.oval:def:5707"/> <criterion negate="true" comment="All filesets for APAR IZ10842 are installed" test_ref="oval:com.hp.oval:tst:20080624024"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-08 meets CVE-2007-5764"> <extend_definition comment="IBM AIX 5300-08 is installed" definition_ref="oval:org.mitre.oval:def:5293"/> <criterion negate="true" comment="All filesets for APAR IZ10843 are installed" test_ref="oval:com.hp.oval:tst:20080624025"/> </criteria> <criteria operator="AND" comment="IBM AIX 6100-00 meets CVE-2007-5764"> <extend_definition comment="IBM AIX 6100-00 is installed" definition_ref="oval:org.mitre.oval:def:5589"/> <criterion negate="true" comment="All filesets for APAR IZ10844 are installed" test_ref="oval:com.hp.oval:tst:20080624026"/> </criteria> </criteria> </definition> <definition id="oval:com.hp.oval:def:20080624006" version="0" class="vulnerability"> <metadata> <title>IBM AIX lquerypv Local Privilege Escalation Vulnerability</title> <affected family="unix"> <platform>IBM AIX 5.2</platform> <platform>IBM AIX 5.3</platform> <platform>IBM AIX 6.1</platform> </affected> <reference source="CVE" ref_id="CVE-2007-4513" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4513"/> <description>Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via a long argument to the (1) "-p" option to lqueryvg or (2) the "-V" option to lquerypv.</description> <oval_repository> <dates> <submitted date="2008-04-18T15:10:44.000-05:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </submitted> <status_change date="2008-04-30T12:20:44.454-04:00">DRAFT</status_change> <status_change date="2008-05-19T04:00:07.571-04:00">INTERIM</status_change> <status_change date="2008-06-09T04:00:07.560-04:00">ACCEPTED</status_change> <status_change date="2008-06-20T15:37:08.931-04:00">INTERIM</status_change> </dates> <status>INTERIM</status> </oval_repository> </metadata> <criteria operator="OR" comment="Software Section"> <criteria operator="AND" comment="IBM AIX 5200-10 meets CVE-2007-4513"> <extend_definition comment="IBM AIX 5200-10 is installed" definition_ref="oval:org.mitre.oval:def:5076"/> <criterion negate="true" comment="All filesets for APAR IZ05877 are installed" test_ref="oval:com.hp.oval:tst:20080624027"/> <criterion negate="true" comment="All filesets for APAR IZ05349 are installed" test_ref="oval:com.hp.oval:tst:20080624028"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-06 meets CVE-2007-4513"> <extend_definition comment="IBM AIX 5300-06 is installed" definition_ref="oval:org.mitre.oval:def:4813"/> <criterion negate="true" comment="All filesets for APAR IZ05971 are installed" test_ref="oval:com.hp.oval:tst:20080624029"/> <criterion negate="true" comment="All filesets for APAR IZ05129 are installed" test_ref="oval:com.hp.oval:tst:20080624030"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-07 meets CVE-2007-4513"> <extend_definition comment="IBM AIX 5300-07 is installed" definition_ref="oval:org.mitre.oval:def:5707"/> <criterion negate="true" comment="All filesets for APAR IZ06079 are installed" test_ref="oval:com.hp.oval:tst:20080624031"/> <criterion negate="true" comment="All filesets for APAR IZ05200 are installed" test_ref="oval:com.hp.oval:tst:20080624032"/> </criteria> </criteria> </definition> <definition id="oval:org.mitre.oval:def:5169" version="1" class="vulnerability"> <metadata> <title>IBM AIX "man" Untrusted Binaries Path Privilege Escalation Vulnerability</title> <affected family="unix"> <platform>IBM AIX 5.3</platform> <platform>IBM AIX 6.1</platform> </affected> <reference source="CVE" ref_id="CVE-2008-1274" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1274"/> <description>Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows local users to execute arbitrary code via a malicious program in the man directory.</description> <oval_repository> <dates> <submitted date="2008-04-11T15:10:44.000-05:00"> <contributor organization="Hewlett-Packard">Yuzheng Zhou</contributor> </submitted> <status_change date="2008-04-11T14:12:20.600-04:00">DRAFT</status_change> <status_change date="2008-04-28T04:00:07.806-04:00">INTERIM</status_change> <status_change date="2008-05-19T04:00:09.619-04:00">ACCEPTED</status_change> <modified comment="Updated definition to include IBM AIX 6.1" date="2008-06-20T15:20:00.807-04:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </modified> <status_change date="2008-06-20T15:38:35.821-04:00">INTERIM</status_change> </dates> <status>INTERIM</status> </oval_repository> </metadata> <criteria operator="OR" comment="Software Section"> <criteria operator="AND" comment="IBM AIX 5.3 meets CVE-2008-1274"> <extend_definition comment="IBM AIX 5.3 is installed" definition_ref="oval:org.mitre.oval:def:5325"/> <criteria operator="OR"> <criterion negate="true" comment="All filesets for APAR IZ17360 are installed" test_ref="oval:org.mitre.oval:tst:7916"/> <criterion negate="true" comment="All filesets for APAR IZ17390 are installed" test_ref="oval:org.mitre.oval:tst:7946"/> </criteria> </criteria> <criteria operator="AND" comment="IBM AIX 6.1 meets CVE-2008-1274"> <extend_definition comment="IBM AIX 6.1 is installed" definition_ref="oval:org.mitre.oval:def:5267"/> <criteria operator="OR"> <criterion negate="true" comment="All filesets for APAR IZ17177 are installed" test_ref="oval:org.mitre.oval:tst:7652"/> <criterion negate="true" comment="All filesets for APAR IZ17372 are installed" test_ref="oval:org.mitre.oval:tst:7938"/> </criteria> </criteria> </criteria> </definition> <definition id="oval:org.mitre.oval:def:5434" version="1" class="vulnerability"> <metadata> <title>IBM AIX Multiple Privilege Escalation and Security Bypass Vulnerabilities</title> <affected family="unix"> <platform>IBM AIX 5.2</platform> <platform>IBM AIX 5.3</platform> </affected> <reference source="CVE" ref_id="CVE-2008-1594" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1593"/> <description>The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a filesystem's size.</description> <oval_repository> <dates> <submitted date="2008-04-18T15:10:44.000-05:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </submitted> <status_change date="2008-04-30T12:20:55.873-04:00">DRAFT</status_change> <status_change date="2008-05-19T04:00:14.414-04:00">INTERIM</status_change> <status_change date="2008-06-09T04:00:10.651-04:00">ACCEPTED</status_change> <modified comment="Modified the tests to apply to specific versions of AIX" date="2008-06-20T15:20:00.673-04:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </modified> <status_change date="2008-06-20T15:37:52.685-04:00">INTERIM</status_change> </dates> <status>INTERIM</status> </oval_repository> </metadata> <criteria operator="OR" comment="Software Section"> <criteria operator="AND" comment="IBM AIX 5200-10 meets CVE-2008-1594"> <extend_definition comment="IBM AIX 5200-10 is installed" definition_ref="oval:org.mitre.oval:def:5076"/> <criterion negate="true" comment="All filesets for APAR IZ05246 are installed" test_ref="oval:org.mitre.oval:tst:8006"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-06 meets CVE-2008-1594"> <extend_definition comment="IBM AIX 5300-06 is installed" definition_ref="oval:org.mitre.oval:def:4813"/> <criterion negate="true" comment="All filesets for APAR IZ04953 are installed" test_ref="oval:org.mitre.oval:tst:7657"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-07 meets CVE-2008-1594"> <extend_definition comment="IBM AIX 5300-07 is installed" definition_ref="oval:org.mitre.oval:def:5707"/> <criterion negate="true" comment="All filesets for APAR IZ04946 are installed" test_ref="oval:org.mitre.oval:tst:7879"/> </criteria> </criteria> </definition> <definition id="oval:org.mitre.oval:def:5468" version="1" class="vulnerability"> <metadata> <title>IBM AIX 'nddstat' Commands Let Local Users Gain Root Privileges</title> <affected family="unix"> <platform>IBM AIX 5.2</platform> <platform>IBM AIX 5.3</platform> <platform>IBM AIX 6.1</platform> </affected> <reference source="CVE" ref_id="CVE-2008-1599" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1599"/> <description>The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.</description> <oval_repository> <dates> <submitted date="2008-04-18T15:10:44.000-05:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </submitted> <status_change date="2008-04-30T12:21:20.476-04:00">DRAFT</status_change> <status_change date="2008-05-19T04:00:19.422-04:00">INTERIM</status_change> <status_change date="2008-06-09T04:00:14.415-04:00">ACCEPTED</status_change> <modified comment="Modified the tests to apply to specific versions of AIX and added in IBM AIX 6.1 support" date="2008-06-20T15:20:00.892-04:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </modified> <status_change date="2008-06-20T15:36:54.910-04:00">INTERIM</status_change> </dates> <status>INTERIM</status> </oval_repository> </metadata> <criteria operator="OR" comment="Software Section"> <criteria operator="AND" comment="IBM AIX 5200-10 meets CVE-2008-1599"> <extend_definition comment="IBM AIX 5200-10 is installed" definition_ref="oval:org.mitre.oval:def:5076"/> <criterion negate="true" comment="All filesets for APAR IZ16991 are installed" test_ref="oval:org.mitre.oval:tst:7553"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-06 meets CVE-2008-1599"> <extend_definition comment="IBM AIX 5300-06 is installed" definition_ref="oval:org.mitre.oval:def:4813"/> <criterion negate="true" comment="All filesets for APAR IZ17058 are installed" test_ref="oval:org.mitre.oval:tst:7479"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-07 meets CVE-2008-1599"> <extend_definition comment="IBM AIX 5300-07 is installed" definition_ref="oval:org.mitre.oval:def:5707"/> <criterion negate="true" comment="All filesets for APAR IZ17059 are installed" test_ref="oval:org.mitre.oval:tst:7959"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-08 meets CVE-2008-1599"> <extend_definition comment="IBM AIX 5300-08 is installed" definition_ref="oval:org.mitre.oval:def:5293"/> <criterion negate="true" comment="All filesets for APAR IZ14508 are installed" test_ref="oval:org.mitre.oval:tst:8136"/> </criteria> <criteria operator="AND" comment="IBM AIX 6100-00 meets CVE-2008-1599"> <extend_definition comment="IBM AIX 6100-00 is installed" definition_ref="oval:org.mitre.oval:def:5589"/> <criterion negate="true" comment="All filesets for APAR IZ16975 are installed" test_ref="oval:org.mitre.oval:tst:7993"/> </criteria> </criteria> </definition> <definition id="oval:org.mitre.oval:def:5497" version="1" class="vulnerability"> <metadata> <title>IBM AIX Buffer Overflow in 'reboot' Command Lets Local Users Execute Arbitrary Code</title> <affected family="unix"> <platform>IBM AIX 5.2</platform> <platform>IBM AIX 5.3</platform> </affected> <reference source="CVE" ref_id="CVE-2008-1601" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1601"/> <description>Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and 5.3 allows local users in the shutdown group to gain privileges.</description> <oval_repository> <dates> <submitted date="2008-04-11T15:10:44.000-05:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </submitted> <status_change date="2008-04-30T12:21:45.365-04:00">DRAFT</status_change> <status_change date="2008-05-19T04:00:22.154-04:00">INTERIM</status_change> <status_change date="2008-06-09T04:00:16.589-04:00">ACCEPTED</status_change> <modified comment="Modified the tests to apply to specific versions of AIX" date="2008-06-20T15:20:00.752-04:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </modified> <status_change date="2008-06-20T15:37:39.765-04:00">INTERIM</status_change> </dates> <status>INTERIM</status> </oval_repository> </metadata> <criteria operator="OR" comment="Software Section"> <criteria operator="AND" comment="IBM AIX 5200-10 meets CVE-2008-1601"> <extend_definition comment="IBM AIX 5200-10 is installed" definition_ref="oval:org.mitre.oval:def:5076"/> <criterion negate="true" comment="All filesets for APAR IZ15479 are installed" test_ref="oval:org.mitre.oval:tst:8052"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-06 meets CVE-2008-1601"> <extend_definition comment="IBM AIX 5300-06 is installed" definition_ref="oval:org.mitre.oval:def:4813"/> <criterion negate="true" comment="All filesets for APAR IZ15480 are installed" test_ref="oval:org.mitre.oval:tst:8041"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-07 meets CVE-2008-1601"> <extend_definition comment="IBM AIX 5300-07 is installed" definition_ref="oval:org.mitre.oval:def:5707"/> <criterion negate="true" comment="All filesets for APAR IZ06078 are installed" test_ref="oval:org.mitre.oval:tst:8053"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-08 meets CVE-2008-1601"> <extend_definition comment="IBM AIX 5300-08 is installed" definition_ref="oval:org.mitre.oval:def:5293"/> <criterion negate="true" comment="All filesets for APAR IZ06199 are installed" test_ref="oval:org.mitre.oval:tst:8088"/> </criteria> </criteria> </definition> <definition id="oval:org.mitre.oval:def:5566" version="1" class="vulnerability"> <metadata> <title>IBM AIX lsmcode Environment Variable Bug Lets Local Users Gain Root Privileges</title> <affected family="unix"> <platform>IBM AIX 5.2</platform> <platform>IBM AIX 5.3</platform> <platform>IBM AIX 6.1</platform> </affected> <reference source="CVE" ref_id="CVE-2008-1600" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1600"/> <description>The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329.</description> <oval_repository> <dates> <submitted date="2008-04-18T15:10:44.000-05:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </submitted> <status_change date="2008-04-30T12:21:33.851-04:00">DRAFT</status_change> <status_change date="2008-05-19T04:00:23.682-04:00">INTERIM</status_change> <status_change date="2008-06-09T04:00:19.356-04:00">ACCEPTED</status_change> <modified comment="Modified the tests to apply to specific versions of AIX and added in IBM AIX 6.1 support" date="2008-06-20T15:20:00.492-04:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </modified> <status_change date="2008-06-20T15:36:43.509-04:00">INTERIM</status_change> </dates> <status>INTERIM</status> </oval_repository> </metadata> <criteria operator="OR" comment="Software Section"> <criteria operator="AND" comment="IBM AIX 5200-10 meets CVE-2008-1600"> <extend_definition comment="IBM AIX 5200-10 is installed" definition_ref="oval:org.mitre.oval:def:5076"/> <criterion negate="true" comment="All filesets for APAR IZ15276 are installed" test_ref="oval:org.mitre.oval:tst:7798"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-06 meets CVE-2008-1600"> <extend_definition comment="IBM AIX 5300-06 is installed" definition_ref="oval:org.mitre.oval:def:4813"/> <criterion negate="true" comment="All filesets for APAR IZ15100 are installed" test_ref="oval:org.mitre.oval:tst:7818"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-07 meets CVE-2008-1600"> <extend_definition comment="IBM AIX 5300-07 is installed" definition_ref="oval:org.mitre.oval:def:5707"/> <criterion negate="true" comment="All filesets for APAR IZ15057 are installed" test_ref="oval:org.mitre.oval:tst:7496"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-08 meets CVE-2008-1600"> <extend_definition comment="IBM AIX 5300-08 is installed" definition_ref="oval:org.mitre.oval:def:5293"/> <criterion negate="true" comment="All filesets for APAR IZ14526 are installed" test_ref="oval:org.mitre.oval:tst:7551"/> </criteria> <criteria operator="AND" comment="IBM AIX 6100-00 meets CVE-2008-1600"> <extend_definition comment="IBM AIX 6100-00 is installed" definition_ref="oval:org.mitre.oval:def:5589"/> <criterion negate="true" comment="All filesets for APAR IZ15277 are installed" test_ref="oval:org.mitre.oval:tst:8011"/> </criteria> </criteria> </definition> <definition id="oval:org.mitre.oval:def:5707" version="0" class="inventory"> <metadata> <title>IBM AIX 5300-07 is installed</title> <affected family="unix"> <platform>IBM AIX 5.3</platform> </affected> <reference source="CPE" ref_id="cpe:/o:ibm:aix:5.3"/> <description>The operating system installed on the system is IBM AIX version 5300-07.</description> <oval_repository> <dates> <submitted date="2008-06-12T12:00:00.000-04:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </submitted> <status_change date="2008-04-11T14:12:19.480-04:00">DRAFT</status_change> <status_change date="2008-05-05T04:00:24.174-04:00">INTERIM</status_change> <status_change date="2008-05-26T04:00:20.886-04:00">ACCEPTED</status_change> </dates> <status>ACCEPTED</status> </oval_repository> </metadata> <criteria> <criterion comment="Version of IBM AIX installed is 5300-07" test_ref="oval:org.mitre.oval:tst:8029"/> </criteria> </definition> <definition id="oval:org.mitre.oval:def:5589" version="0" class="inventory"> <metadata> <title>IBM AIX 6100-00 is installed</title> <affected family="unix"> <platform>IBM AIX 6.1</platform> </affected> <reference source="CPE" ref_id="cpe:/o:ibm:aix:6.1"/> <description>The operating system installed on the system is IBM AIX version 6100-00.</description> <oval_repository> <dates> <submitted date="2008-06-12T12:00:00.000-04:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </submitted> <status_change date="2008-04-11T14:12:19.480-04:00">DRAFT</status_change> <status_change date="2008-05-05T04:00:24.174-04:00">INTERIM</status_change> <status_change date="2008-05-26T04:00:20.886-04:00">ACCEPTED</status_change> </dates> <status>ACCEPTED</status> </oval_repository> </metadata> <criteria> <criterion comment="Version of IBM AIX installed is 6100-00" test_ref="oval:org.mitre.oval:tst:8078"/> </criteria> </definition> <definition id="oval:org.mitre.oval:def:4813" version="0" class="inventory"> <metadata> <title>IBM AIX 5300-06 is installed</title> <affected family="unix"> <platform>IBM AIX 5.3</platform> </affected> <reference source="CPE" ref_id="cpe:/o:ibm:aix:5.3"/> <description>The operating system installed on the system is IBM AIX version 5300-06.</description> <oval_repository> <dates> <submitted date="2008-06-12T12:00:00.000-04:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </submitted> <status_change date="2008-04-11T14:12:19.480-04:00">DRAFT</status_change> <status_change date="2008-05-05T04:00:24.174-04:00">INTERIM</status_change> <status_change date="2008-05-26T04:00:20.886-04:00">ACCEPTED</status_change> </dates> <status>ACCEPTED</status> </oval_repository> </metadata> <criteria> <criterion comment="Version of IBM AIX installed is 5300-06" test_ref="oval:org.mitre.oval:tst:7945"/> </criteria> </definition> <definition id="oval:org.mitre.oval:def:4943" version="1" class="vulnerability"> <metadata> <title>AIX bellmail buffer overflow vulnerability</title> <affected family="unix"> <platform>IBM AIX 5.2</platform> <platform>IBM AIX 5.3</platform> </affected> <reference source="CVE" ref_id="CVE-2007-4623" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4623"/> <description>Stack-based buffer overflow in the sendrmt function in bellmail in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via a long parameter to the m command.</description> <oval_repository> <dates> <submitted date="2008-04-11T15:10:44.000-05:00"> <contributor organization="Hewlett-Packard">Yuzheng Zhou</contributor> </submitted> <status_change date="2008-04-11T14:12:20.234-04:00">DRAFT</status_change> <status_change date="2008-04-28T04:00:06.799-04:00">INTERIM</status_change> <status_change date="2008-05-19T04:00:08.528-04:00">ACCEPTED</status_change> </dates> <status>ACCEPTED</status> </oval_repository> </metadata> <criteria operator="OR" comment="Software Section"> <criteria operator="AND" comment="IBM AIX 5.2 meets CVE-2007-4623"> <criterion comment="The level of fileset bos.net.tcp.client is greater than or equal 5.2.0.0" test_ref="oval:org.mitre.oval:tst:7050"/> <criterion comment="The level of fileset bos.net.tcp.client is less than or equal 5.2.0.108" test_ref="oval:org.mitre.oval:tst:7261"/> </criteria> <criteria operator="AND" comment="IBM AIX 5.3 meets CVE-2007-4623"> <criterion comment="The level of fileset bos.net.tcp.client is greater than or equal 5.3.0.0" test_ref="oval:org.mitre.oval:tst:7735"/> <criterion comment="The level of fileset bos.net.tcp.client is less than or equal 5.3.0.64" test_ref="oval:org.mitre.oval:tst:7429"/> </criteria> </criteria> </definition> <definition id="oval:org.mitre.oval:def:5424" version="0" class="vulnerability"> <metadata> <title>IBM AIX Input Validation Flaw in iostat Command Lets Local Users Gain Root Privileges</title> <affected family="unix"> <platform>IBM AIX 5.3</platform> <platform>IBM AIX 6.1</platform> </affected> <reference source="CVE" ref_id="CVE-2008-2515" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2515"/> <description>Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error."</description> <oval_repository> <dates> <submitted date="2008-06-12T15:10:44.000-05:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </submitted> <status_change date="2008-06-20T16:05:11.747-04:00">DRAFT</status_change> </dates> <status>DRAFT</status> </oval_repository> </metadata> <criteria operator="OR" comment="Software Section"> <criteria operator="AND" comment="IBM AIX 5200-10 meets CVE-2008-2515"> <extend_definition comment="IBM AIX 5200-10 is installed" definition_ref="oval:org.mitre.oval:def:5076"/> <criterion negate="true" comment="All filesets for APAR IZ20635 are installed" test_ref="oval:org.mitre.oval:tst:7799"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-08 meets CVE-2008-2515"> <extend_definition comment="IBM AIX 5300-08 is installed" definition_ref="oval:org.mitre.oval:def:5293"/> <criterion negate="true" comment="All filesets for APAR IZ21506 are installed" test_ref="oval:org.mitre.oval:tst:8032"/> </criteria> <criteria operator="AND" comment="IBM AIX 5.3 meets CVE-2008-2515"> <extend_definition comment="IBM AIX 5.3 is installed" definition_ref="oval:org.mitre.oval:def:5325"/> <criteria operator="OR"> <criterion negate="true" comment="All filesets for APAR IZ22351 are installed" test_ref="oval:org.mitre.oval:tst:8180"/> <criterion negate="true" comment="All filesets for APAR IZ22350 are installed" test_ref="oval:org.mitre.oval:tst:7944"/> </criteria> </criteria> <criteria operator="AND" comment="IBM AIX 6.1 meets CVE-2008-2515"> <extend_definition comment="IBM AIX 6.1 is installed" definition_ref="oval:org.mitre.oval:def:5267"/> <criterion negate="true" comment="All filesets for APAR IZ22349 are installed" test_ref="oval:org.mitre.oval:tst:7525"/> </criteria> </criteria> </definition> <definition id="oval:org.mitre.oval:def:5629" version="0" class="vulnerability"> <metadata> <title>IBM AIX Buffer Overflow in errpt Command May Let Local Users Gain Elevated Privileges</title> <affected family="unix"> <platform>IBM AIX 5.3</platform> <platform>IBM AIX 6.1</platform> </affected> <reference source="CVE" ref_id="CVE-2008-2514" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2514"/> <description>Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors.</description> <oval_repository> <dates> <submitted date="2008-06-12T15:10:44.000-05:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </submitted> <status_change date="2008-06-20T16:05:11.158-04:00">DRAFT</status_change> </dates> <status>DRAFT</status> </oval_repository> </metadata> <criteria operator="OR" comment="Software Section"> <criteria operator="AND" comment="IBM AIX 5200-10 meets CVE-2008-2514"> <extend_definition comment="IBM AIX 5200-10 is installed" definition_ref="oval:org.mitre.oval:def:5076"/> <criterion negate="true" comment="All filesets for APAR IZ19905 are installed" test_ref="oval:org.mitre.oval:tst:8063"/> </criteria> <criteria operator="AND" comment="IBM AIX 5300-08 meets CVE-2008-2514"> <extend_definition comment="IBM AIX 5300-08 is installed" definition_ref="oval:org.mitre.oval:def:5293"/> <criterion negate="true" comment="All filesets for APAR IZ21494 are installed" test_ref="oval:org.mitre.oval:tst:8211"/> </criteria> <criteria operator="AND" comment="IBM AIX 5.3 meets CVE-2008-2514"> <extend_definition comment="IBM AIX 5.3 is installed" definition_ref="oval:org.mitre.oval:def:5325"/> <criteria operator="OR"> <criterion negate="true" comment="All filesets for APAR IZ22346 are installed" test_ref="oval:org.mitre.oval:tst:7800"/> <criterion negate="true" comment="All filesets for APAR IZ22347 are installed" test_ref="oval:org.mitre.oval:tst:7919"/> </criteria> </criteria> <criteria operator="AND" comment="IBM AIX 6.1 meets CVE-2008-2514"> <extend_definition comment="IBM AIX 6.1 is installed" definition_ref="oval:org.mitre.oval:def:5267"/> <criterion negate="true" comment="All filesets for APAR IZ22348 are installed" test_ref="oval:org.mitre.oval:tst:7957"/> </criteria> </criteria> </definition> <definition id="oval:org.mitre.oval:def:5293" version="0" class="inventory"> <metadata> <title>IBM AIX 5300-08 is installed</title> <affected family="unix"> <platform>IBM AIX 5.3</platform> </affected> <reference source="CPE" ref_id="cpe:/o:ibm:aix:5.3"/> <description>The operating system installed on the system is IBM AIX version 5300-08.</description> <oval_repository> <dates> <submitted date="2008-06-12T12:00:00.000-04:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </submitted> <status_change date="2008-04-11T14:12:19.480-04:00">DRAFT</status_change> <status_change date="2008-05-05T04:00:24.174-04:00">INTERIM</status_change> <status_change date="2008-05-26T04:00:20.886-04:00">ACCEPTED</status_change> </dates> <status>ACCEPTED</status> </oval_repository> </metadata> <criteria> <criterion comment="Version of IBM AIX installed is 5300-08" test_ref="oval:org.mitre.oval:tst:8206"/> </criteria> </definition> <definition id="oval:org.mitre.oval:def:5076" version="0" class="inventory"> <metadata> <title>IBM AIX 5200-10 is installed</title> <affected family="unix"> <platform>IBM AIX 5.2</platform> </affected> <reference source="CPE" ref_id="cpe:/o:ibm:aix:5.2"/> <description>The operating system installed on the system is IBM AIX version 5200-10.</description> <oval_repository> <dates> <submitted date="2008-06-12T12:00:00.000-04:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </submitted> <status_change date="2008-04-11T14:12:19.480-04:00">DRAFT</status_change> <status_change date="2008-05-05T04:00:24.174-04:00">INTERIM</status_change> <status_change date="2008-05-26T04:00:20.886-04:00">ACCEPTED</status_change> </dates> <status>ACCEPTED</status> </oval_repository> </metadata> <criteria> <criterion comment="Version of IBM AIX installed is 5200-10" test_ref="oval:org.mitre.oval:tst:7784"/> </criteria> </definition> <definition id="oval:org.mitre.oval:def:5684" version="0" class="vulnerability"> <metadata> <title>IBM AIX Kernel Buffer Overflow Lets Local Users Gain Elevated Privileges or Deny Service</title> <affected family="unix"> <platform>IBM AIX 5.3</platform> <platform>IBM AIX 6.1</platform> </affected> <reference source="CVE" ref_id="CVE-2008-2513" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2513"/> <description>Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows local users to execute arbitrary code in kernel mode via unknown attack vectors.</description> <oval_repository> <dates> <submitted date="2008-06-12T15:10:44.000-05:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </submitted> <status_change date="2008-06-20T16:05:10.562-04:00">DRAFT</status_change> </dates> <status>DRAFT</status> </oval_repository> </metadata> <criteria operator="OR" comment="Software Section"> <criteria operator="AND" comment="IBM AIX 5.3 meets CVE-2008-2513"> <extend_definition comment="IBM AIX 5.3 is installed" definition_ref="oval:org.mitre.oval:def:5325"/> <criteria operator="OR"> <criterion negate="true" comment="All filesets for APAR IZ22369 are installed" test_ref="oval:org.mitre.oval:tst:7891"/> <criterion negate="true" comment="All filesets for APAR IZ22368 are installed" test_ref="oval:org.mitre.oval:tst:8207"/> </criteria> </criteria> <criteria operator="AND" comment="IBM AIX 6.1 meets CVE-2008-2513"> <extend_definition comment="IBM AIX 6.1 is installed" definition_ref="oval:org.mitre.oval:def:5267"/> <criterion negate="true" comment="All filesets for APAR IZ22370 are installed" test_ref="oval:org.mitre.oval:tst:8038"/> </criteria> </criteria> </definition> <definition id="oval:org.mitre.oval:def:5267" version="0" class="inventory"> <metadata> <title>IBM AIX 6.1 is installed</title> <affected family="unix"> <platform>IBM AIX 6.1</platform> </affected> <reference source="CPE" ref_id="cpe:/o:ibm:aix:6.1"/> <description>The operating system installed on the system is IBM AIX 6.1.</description> <oval_repository> <dates> <submitted date="2008-06-12T12:00:00.000-04:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </submitted> <modified comment="Use pattern matching for 6.1 test" date="2008-06-12T11:18:00.144-04:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </modified> <status_change date="2008-06-20T15:38:35.657-04:00">DRAFT</status_change> </dates> <status>DRAFT</status> </oval_repository> </metadata> <criteria> <criterion comment="Version of IBM AIX installed is 6.1" test_ref="oval:org.mitre.oval:tst:7752"/> </criteria> </definition> <definition id="oval:org.mitre.oval:def:5470" version="1" class="vulnerability"> <metadata> <title>IBM AIX buffer overflow in chcon command has unspecified impact</title> <affected family="unix"> <platform>IBM AIX 5.2</platform> <platform>IBM AIX 5.3</platform> </affected> <reference source="CVE" ref_id="CVE-2005-3396" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3396"/> <description>Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, when DEBUG MALLOC is enabled, might allow attackers to execute arbitrary code via a long command line argument.</description> <oval_repository> <dates> <submitted date="2008-04-11T15:10:44.000-05:00"> <contributor organization="Hewlett-Packard">Yuzheng Zhou</contributor> </submitted> <status_change date="2008-04-11T14:12:19.667-04:00">DRAFT</status_change> <status_change date="2008-04-28T04:00:20.015-04:00">INTERIM</status_change> <status_change date="2008-05-19T04:00:19.857-04:00">ACCEPTED</status_change> </dates> <status>ACCEPTED</status> </oval_repository> </metadata> <criteria operator="OR" comment="Software Section"> <criteria operator="AND" comment="IBM AIX 5.2 meets CVE-2005-3396"> <extend_definition comment="IBM AIX 5.2 is installed" definition_ref="oval:org.mitre.oval:def:5189"/> <criterion negate="true" comment="All filesets for APAR IY78253 are installed" test_ref="oval:org.mitre.oval:tst:7878"/> </criteria> <criteria operator="AND" comment="IBM AIX 5.3 meets CVE-2005-3396"> <extend_definition comment="IBM AIX 5.3 is installed" definition_ref="oval:org.mitre.oval:def:5325"/> <criterion negate="true" comment="All filesets for APAR IY78241 are installed" test_ref="oval:org.mitre.oval:tst:8016"/> </criteria> </criteria> </definition> <definition id="oval:org.mitre.oval:def:5325" version="1" class="inventory"> <metadata> <title>IBM AIX 5.3 is installed</title> <affected family="unix"> <platform>IBM AIX 5.3</platform> </affected> <reference source="CPE" ref_id="cpe:/o:ibm:aix:5.3"/> <description>The operating system installed on the system is IBM AIX 5.3.</description> <oval_repository> <dates> <submitted date="2008-04-11T12:00:00.000-04:00"> <contributor organization="Hewlett-Packard">Yuzheng Zhou</contributor> </submitted> <status_change date="2008-04-11T14:12:19.480-04:00">DRAFT</status_change> <status_change date="2008-05-05T04:00:24.174-04:00">INTERIM</status_change> <status_change date="2008-05-26T04:00:20.886-04:00">ACCEPTED</status_change> <modified comment="Use pattern matching for 5.3 test" date="2008-06-20T15:20:00.879-04:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </modified> <status_change date="2008-06-20T15:39:16.892-04:00">INTERIM</status_change> </dates> <status>INTERIM</status> </oval_repository> </metadata> <criteria> <criterion comment="IBM AIX version installed is 5.3" test_ref="oval:org.mitre.oval:tst:7524"/> </criteria> </definition> <definition id="oval:org.mitre.oval:def:5189" version="1" class="inventory"> <metadata> <title>IBM AIX 5.2 is installed</title> <affected family="unix"> <platform>IBM AIX 5.2</platform> </affected> <reference source="CPE" ref_id="cpe:/o:ibm:aix:5.2"/> <description>The operating system installed on the system is IBM AIX 5.2.</description> <oval_repository> <dates> <submitted date="2008-04-11T12:00:00.000-04:00"> <contributor organization="Hewlett-Packard">Yuzheng Zhou</contributor> </submitted> <status_change date="2008-04-11T14:12:18.969-04:00">DRAFT</status_change> <status_change date="2008-05-05T04:00:23.109-04:00">INTERIM</status_change> <status_change date="2008-05-26T04:00:20.296-04:00">ACCEPTED</status_change> <modified comment="Use pattern matching for 5.2 test" date="2008-06-20T15:20:00.483-04:00"> <contributor organization="Hewlett-Packard">Michael Wood</contributor> </modified> <status_change date="2008-06-20T15:39:00.497-04:00">INTERIM</status_change> </dates> <status>INTERIM</status> </oval_repository> </metadata> <criteria> <criterion comment="IBM AIX version installed is 5.2" test_ref="oval:org.mitre.oval:tst:8184"/> </criteria> </definition> </definitions> <tests> <fix_test id="oval:org.mitre.oval:tst:7896" version="1" comment="All filesets for APAR IZ06663 are installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix"> <object object_ref="oval:org.mitre.oval:obj:5806"/> <state state_ref="oval:org.mitre.oval:ste:3334"/> </fix_test> <fix_test id="oval:org.mitre.oval:tst:7599" version="1" comment="All filesets for APAR IZ06505 are installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix"> <object object_ref="oval:org.mitre.oval:obj:5657"/> <state state_ref="oval:org.mitre.oval:ste:3334"/> </fix_test> <fix_test id="oval:org.mitre.oval:tst:7136" version="1" comment="All filesets for APAR IZ06022 are installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix"> <object object_ref="oval:org.mitre.oval:obj:4933"/> <state state_ref="oval:org.mitre.oval:ste:3334"/> </fix_test> <fix_test id="oval:org.mitre.oval:tst:8165" version="1" comment="All filesets for APAR IZ12794 are installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix"> <object object_ref="oval:org.mitre.oval:obj:5575"/> <state state_ref="oval:org.mitre.oval:ste:3334"/> </fix_test> <fix_test id="oval:org.mitre.oval:tst:8132" version="1" comment="All filesets for APAR IZ10749 are installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix"> <object object_ref="oval:org.mitre.oval:obj:5328"/> <state state_ref="oval:org.mitre.oval:ste:3334"/> </fix_test> <fix_test id="oval:org.mitre.oval:tst:7955" version="1" comment="All filesets for APAR IZ16992 are installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix"> <object object_ref="oval:org.mitre.oval:obj:5550"/> <state state_ref="oval:org.mitre.oval:ste:3334"/> </fix_test> <fix_test id="oval:org.mitre.oval:tst:7870" version="1" comment="All filesets for APAR IZ17111 are installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix"> <object object_ref="oval:org.mitre.oval:obj:4959"/> <state state_ref="oval:org.mitre.oval:ste:3334"/> </fix_test> <fix_test id="oval:org.mitre.oval:tst:7628" version="1" comment="All filesets for APAR IZ11820 are installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix"> <object object_ref="oval:org.mitre.oval:obj:5724"/> <state state_ref="oval:org.mitre.oval:ste:3334"/> </fix_test> <fix_test id="oval:org.mitre.oval:tst:7946" version="1" comment="All filesets for APAR IZ17390 are installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix"> <object object_ref="oval:org.mitre.oval:obj:5400"/> <state state_ref="oval:org.mitre.oval:ste:3334"/> </fix_test> <fix_test id="oval:org.mitre.oval:tst:7938" version="1" comment="All filesets for APAR IZ17372 are installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix"> <object object_ref="oval:org.mitre.oval:obj:5924"/> <state state_ref="oval:org.mitre.oval:ste:3334"/> </fix_test> <fix_test id="oval:org.mitre.oval:tst:7916" version="1" comment="All filesets for APAR IZ17360 are installed" check_existence="at_least_one_exists" check="at least one" | |||||||||||||||
