OVAL definition for Apple iTunes

prabhu-4

OVAL definition for Apple iTunes

Vulnerability Definitions for Apple iTunes.

Thanks & Regards,
Prabhu.S.A
www.secpod.com
To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DISCUSSION-LIST in the BODY of the message. If you have difficulties, write to [hidden email].
<?xml version="1.0" encoding="UTF-8"?>
<oval_definitions xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows windows-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <generator>
    <oval:product_name>The OVAL Repository</oval:product_name>
    <oval:schema_version>5.6</oval:schema_version>
    <oval:timestamp>2009-10-01T10:23:32.871-04:00</oval:timestamp>
  </generator>
  <definitions>
    <definition id="oval:org.secpod.oval:def:91012" version="1" class="vulnerability">
      <metadata>
        <title>Apple iTunes '.pls' File Buffer Overflow Vulnerability</title>
        <affected family="windows">
          <platform>Microsoft Windows XP</platform>
          <platform>Microsoft Windows Vista</platform>
          <product>Apple iTunes</product>
        </affected>
        <reference source="CVE" ref_id="CVE-2009-2817" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2817"/>
        <description>Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file.</description>
        <oval_repository>
          <dates>
            <submitted date="2009-10-01T10:31:31">
              <contributor organization="SecPod Technologies">Prabhu S A</contributor>
            </submitted>
          </dates>
          <status>INITIAL SUBMISSION</status>
        </oval_repository>
      </metadata>
      <criteria operator="OR">
        <criteria operator="AND">
          <criteria operator="OR">
            <extend_definition comment="Microsoft Windows XP (x86) SP2 is installed" definition_ref="oval:org.mitre.oval:def:754"/>
            <extend_definition comment="Microsoft Windows XP (x86) SP3 is installed" definition_ref="oval:org.mitre.oval:def:5631"/>
            <extend_definition comment="Microsoft Windows Vista (32-bit) is installed" definition_ref="oval:org.mitre.oval:def:1282"/>
            <extend_definition comment="Microsoft Windows Vista (32-bit) Service Pack 1 is installed" definition_ref="oval:org.mitre.oval:def:4873"/>
          </criteria>
          <criterion comment="iTunes.exe version is less than 9.0.1.8" test_ref="oval:org.secpod.oval:tst:91014"/>
        </criteria>
      </criteria>
    </definition>
    <definition id="oval:org.mitre.oval:def:754" version="2" class="inventory">
      <metadata>
        <title>Microsoft Windows XP (x86) SP2 is installed</title>
        <affected family="windows">
          <platform>Microsoft Windows XP</platform>
        </affected>
        <reference source="CPE" ref_id="cpe:/o:microsoft:windows_xp::sp2:x86"/>
        <description>A version of Microsoft Windows XP (x86) Service Pack 2 is installed.</description>
        <oval_repository>
          <dates>
            <submitted date="2007-03-05T09:00:00">
              <contributor organization="The MITRE Corporation">Andrew Buttner</contributor>
            </submitted>
            <status_change date="2007-03-05T09:00:00">DRAFT</status_change>
            <status_change date="2007-03-21T16:17:26.869-04:00">INTERIM</status_change>
            <status_change date="2007-04-10T13:44:28.583-04:00">ACCEPTED</status_change>
            <modified comment="Changed the CPE reference" date="2008-04-04T11:17:00.434-04:00">
              <contributor organization="The MITRE Corporation">Andrew Buttner</contributor>
            </modified>
            <status_change date="2008-04-04T11:29:22.458-04:00">INTERIM</status_change>
            <status_change date="2008-04-21T04:00:24.359-04:00">ACCEPTED</status_change>
          </dates>
          <status>ACCEPTED</status>
        </oval_repository>
      </metadata>
      <criteria operator="AND">
        <criterion comment="the installed operating system is part of the Microsoft Windows family" test_ref="oval:org.mitre.oval:tst:99"/>
        <criterion comment="a version of Microsoft Windows XP is installed" test_ref="oval:org.mitre.oval:tst:3"/>
        <criterion comment="a version of Windows for the x86 architecture is installed" test_ref="oval:org.mitre.oval:tst:3823"/>
        <criterion comment="Win2K/XP/2003 service pack 2 is installed" test_ref="oval:org.mitre.oval:tst:3019"/>
      </criteria>
    </definition>
    <definition id="oval:org.mitre.oval:def:5631" version="1" class="inventory">
      <metadata>
        <title>Microsoft Windows XP (x86) SP3 is installed</title>
        <affected family="windows">
          <platform>Microsoft Windows XP</platform>
        </affected>
        <reference source="CPE" ref_id="cpe:/o:microsoft:windows_xp::sp3:x86"/>
        <description>A version of Microsoft Windows XP (x86) Service Pack 3 is installed.</description>
        <oval_repository>
          <dates>
            <submitted date="2008-06-10T14:50:00">
              <contributor organization="Secure Elements, Inc.">Sudhir Gandhe</contributor>
            </submitted>
            <status_change date="2008-06-12T13:58:47.155-04:00">DRAFT</status_change>
            <status_change date="2008-06-30T04:00:18.370-04:00">INTERIM</status_change>
            <status_change date="2008-07-21T04:00:18.901-04:00">ACCEPTED</status_change>
          </dates>
          <status>ACCEPTED</status>
        </oval_repository>
      </metadata>
      <criteria operator="AND">
        <criterion comment="the installed operating system is part of the Microsoft Windows family" test_ref="oval:org.mitre.oval:tst:99"/>
        <criterion comment="a version of Microsoft Windows XP is installed" test_ref="oval:org.mitre.oval:tst:3"/>
        <criterion comment="a version of Windows for the x86 architecture is installed" test_ref="oval:org.mitre.oval:tst:3823"/>
        <criterion comment="Win2K/XP/2003 service pack 3 is installed" test_ref="oval:org.mitre.oval:tst:7814"/>
      </criteria>
    </definition>
    <definition id="oval:org.mitre.oval:def:4873" version="1" class="inventory">
      <metadata>
        <title>Microsoft Windows Vista (32-bit) Service Pack 1 is installed</title>
        <affected family="windows">
          <platform>Microsoft Windows Vista</platform>
        </affected>
        <reference source="CPE" ref_id="cpe:/o:microsoft:windows_vista::sp1:x86"/>
        <description>The operating system installed on the system is Microsoft Windows Vista (32-bit) Service Pack 1</description>
        <oval_repository>
          <dates>
            <submitted date="2008-03-26T10:44:02">
              <contributor organization="Secure Elements, Inc.">Sudhir Gandhe</contributor>
            </submitted>
            <status_change date="2008-03-26T16:27:29.495-04:00">DRAFT</status_change>
            <modified comment="Changed the CPE reference" date="2008-04-04T11:17:00.108-04:00">
              <contributor organization="The MITRE Corporation">Andrew Buttner</contributor>
            </modified>
            <status_change date="2008-04-21T04:00:20.428-04:00">INTERIM</status_change>
            <status_change date="2008-05-12T04:00:14.497-04:00">ACCEPTED</status_change>
          </dates>
          <status>ACCEPTED</status>
        </oval_repository>
      </metadata>
      <criteria>
        <criterion comment="the installed operating system is part of the Microsoft Windows family" test_ref="oval:org.mitre.oval:tst:99"/>
        <criterion comment="Windows Vista is installed" test_ref="oval:org.mitre.oval:tst:7914"/>
        <criterion negate="true" comment="a version of Windows for the x64 architecture is installed" test_ref="oval:org.mitre.oval:tst:3653"/>
        <criterion comment="Win2K/XP/2003/Vista service pack 1 is installed" test_ref="oval:org.mitre.oval:tst:2843"/>
      </criteria>
    </definition>
    <definition id="oval:org.mitre.oval:def:1282" version="2" class="inventory">
      <metadata>
        <title>Microsoft Windows Vista (32-bit) is installed</title>
        <affected family="windows">
          <platform>Microsoft Windows Vista</platform>
        </affected>
        <reference source="CPE" ref_id="cpe:/o:microsoft:windows_vista:::x86"/>
        <description>The operating system installed on the system is Microsoft Windows Vista (32-bit)</description>
        <oval_repository>
          <dates>
            <submitted date="2007-04-11T11:27:37.975-04:00">
              <contributor organization="The MITRE Corporation">Jonathan Baker</contributor>
            </submitted>
            <status_change date="2007-04-11T12:15:00.000-04:00">DRAFT</status_change>
            <status_change date="2007-04-30T08:18:46.566-04:00">INTERIM</status_change>
            <status_change date="2007-05-23T15:05:26.800-04:00">ACCEPTED</status_change>
            <modified comment="Vista test updated because of the conflictions with Server 2008" date="2008-03-26T10:51:02.210-04:00">
              <contributor organization="Secure Elements, Inc.">Sudhir Gandhe</contributor>
            </modified>
            <status_change date="2008-03-31T04:00:20.410-04:00">INTERIM</status_change>
            <modified comment="Changed the CPE reference" date="2008-04-04T11:17:00.749-04:00">
              <contributor organization="The MITRE Corporation">Andrew Buttner</contributor>
            </modified>
            <status_change date="2008-04-21T04:00:11.683-04:00">ACCEPTED</status_change>
          </dates>
          <status>ACCEPTED</status>
        </oval_repository>
      </metadata>
      <criteria>
        <criterion comment="the installed operating system is part of the Microsoft Windows family" test_ref="oval:org.mitre.oval:tst:99"/>
        <criterion comment="Windows Vista is installed" test_ref="oval:org.mitre.oval:tst:7914"/>
        <criterion negate="true" comment="a version of Windows for the x64 architecture is installed" test_ref="oval:org.mitre.oval:tst:3653"/>
      </criteria>
    </definition>
  </definitions>
  <tests>
    <registry_test id="oval:org.mitre.oval:tst:3019" version="1" comment="Win2K/XP/2003 service pack 2 is installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <object object_ref="oval:org.mitre.oval:obj:717"/>
      <state state_ref="oval:org.mitre.oval:ste:2827"/>
    </registry_test>
    <registry_test id="oval:org.mitre.oval:tst:7814" version="1" comment="Win2K/XP/2003 service pack 3 is installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <object object_ref="oval:org.mitre.oval:obj:717"/>
      <state state_ref="oval:org.mitre.oval:ste:3794"/>
    </registry_test>
    <registry_test id="oval:org.mitre.oval:tst:3823" version="1" comment="a version of Windows for the x86 architecture is installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <object object_ref="oval:org.mitre.oval:obj:1576"/>
      <state state_ref="oval:org.mitre.oval:ste:3649"/>
    </registry_test>
    <registry_test id="oval:org.mitre.oval:tst:3" version="1" comment="a version of Microsoft Windows XP is installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <object object_ref="oval:org.mitre.oval:obj:123"/>
      <state state_ref="oval:org.mitre.oval:ste:3"/>
    </registry_test>
    <registry_test id="oval:org.mitre.oval:tst:2843" version="1" comment="Win2K/XP/2003/Vista service pack 1 is installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <object object_ref="oval:org.mitre.oval:obj:717"/>
      <state state_ref="oval:org.mitre.oval:ste:2662"/>
    </registry_test>
    <family_test id="oval:org.mitre.oval:tst:99" version="1" comment="the installed operating system is part of the Microsoft Windows family" check_existence="at_least_one_exists" check="only one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
      <object object_ref="oval:org.mitre.oval:obj:99"/>
      <state state_ref="oval:org.mitre.oval:ste:99"/>
    </family_test>
    <registry_test id="oval:org.mitre.oval:tst:7914" version="1" comment="Windows Vista is installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <object object_ref="oval:org.mitre.oval:obj:5590"/>
      <state state_ref="oval:org.mitre.oval:ste:3828"/>
    </registry_test>
    <registry_test id="oval:org.mitre.oval:tst:3653" version="2" comment="a version of Windows for the x64 architecture is installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <object object_ref="oval:org.mitre.oval:obj:1576"/>
      <state state_ref="oval:org.mitre.oval:ste:3180"/>
    </registry_test>
    <file_test id="oval:org.secpod.oval:tst:91014" version="1" comment="iTunes.exe version is less than 9.0.1.8" check_existence="at_least_one_exists" check="all" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <object object_ref="oval:org.mitre.oval:obj:6563"/>
      <state state_ref="oval:org.secpod.oval:ste:91014"/>
    </file_test>
  </tests>
  <objects>
    <registry_object id="oval:org.mitre.oval:obj:123" version="1" comment="Registry key that hold the current windows os version" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <hive>HKEY_LOCAL_MACHINE</hive>
      <key>SOFTWARE\Microsoft\Windows NT\CurrentVersion</key>
      <name>CurrentVersion</name>
    </registry_object>
    <registry_object id="oval:org.mitre.oval:obj:717" version="1" comment="This registry key holds the service pack installed on the host if one is present." xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <hive>HKEY_LOCAL_MACHINE</hive>
      <key>SOFTWARE\Microsoft\Windows NT\CurrentVersion</key>
      <name>CSDVersion</name>
    </registry_object>
    <family_object id="oval:org.mitre.oval:obj:99" version="1" comment="This is the default family object. Only one family object should exist." xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"/>
    <registry_object id="oval:org.mitre.oval:obj:5590" version="1" comment="This registry key  ProductName" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <hive>HKEY_LOCAL_MACHINE</hive>
      <key>SOFTWARE\Microsoft\Windows NT\CurrentVersion</key>
      <name>ProductName</name>
    </registry_object>
    <registry_object id="oval:org.mitre.oval:obj:1576" version="1" comment="This registry key identifies the architecture on the system" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <hive>HKEY_LOCAL_MACHINE</hive>
      <key>SYSTEM\CurrentControlSet\Control\Session Manager\Environment</key>
      <name>PROCESSOR_ARCHITECTURE</name>
    </registry_object>
    <file_object id="oval:org.mitre.oval:obj:6563" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <path var_check="all" var_ref="oval:org.mitre.oval:var:960"/>
      <filename>iTunes.exe</filename>
    </file_object>
    <registry_object id="oval:org.mitre.oval:obj:309" version="1" comment="The registry key that holds the location of the program files directory." xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <hive>HKEY_LOCAL_MACHINE</hive>
      <key>SOFTWARE\Microsoft\Windows\CurrentVersion</key>
      <name>ProgramFilesDir</name>
    </registry_object>
  </objects>
  <states>
    <registry_state id="oval:org.mitre.oval:ste:2827" version="1" comment="The registry key has a value of Service Pack 2" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <value>Service Pack 2</value>
    </registry_state>
    <registry_state id="oval:org.mitre.oval:ste:3794" version="1" comment="The registry key has a value of Service Pack 3" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <value>Service Pack 3</value>
    </registry_state>
    <registry_state id="oval:org.mitre.oval:ste:3649" version="1" comment="x86 architecture" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <value>x86</value>
    </registry_state>
    <registry_state id="oval:org.mitre.oval:ste:3" version="1" comment="The registry key has a value of 5.1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <value>5.1</value>
    </registry_state>
    <registry_state id="oval:org.mitre.oval:ste:2662" version="1" comment="The registry key has a value of Service Pack 1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <value>Service Pack 1</value>
    </registry_state>
    <family_state id="oval:org.mitre.oval:ste:99" version="1" comment="Microsoft Windows family" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
      <family>windows</family>
    </family_state>
    <registry_state id="oval:org.mitre.oval:ste:3828" version="1" comment="The registry key matches with Vista" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <value operation="pattern match">.*[Vv]ista.*</value>
    </registry_state>
    <registry_state id="oval:org.mitre.oval:ste:3180" version="2" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <value>amd64</value>
    </registry_state>
    <file_state id="oval:org.secpod.oval:ste:91014" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
      <version datatype="version" operation="less than">9.0.1.8</version>
    </file_state>
  </states>
  <variables>
    <local_variable id="oval:org.mitre.oval:var:960" version="1" comment="iTunes directory" datatype="string">
      <concat>
        <object_component item_field="value" object_ref="oval:org.mitre.oval:obj:309"/>
        <literal_component>\iTunes</literal_component>
      </concat>
    </local_variable>
  </variables>
</oval_definitions>
Lah, Mike M.

Re: OVAL definition for Apple iTunes


Prabhu,

Thank you for the new Apple iTunes definitions. The OVAL Repository has now been updated to include these definitions for further community review.

Mike

From: prabhu [mailto:[hidden email]]
Sent: Wednesday, September 30, 2009 8:25 PM
To: oval-discussion-list OVAL Discussion List/Closed Public Discussi
Subject: [OVAL-DISCUSSION-LIST] OVAL definition for Apple iTunes

Vulnerability Definitions for Apple iTunes.

Thanks & Regards,
Prabhu.S.A
www.secpod.com
