Making Security Measurable › OVAL › OVAL Repository Forum

OVAL for Safari

2 messages

prabhu-4

OVAL for Safari

Reply Threaded

Some javascript/style in this post has been disabled (why?)

Vulnerability Definitions for Safari for windows.

Thanks & Regards,
Prabhu.S.A
www.secpod.com

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DISCUSSION-LIST in the BODY of the message. If you have difficulties, write to [hidden email].
<?xml version="1.0" encoding="UTF-8"?>
<oval_definitions xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows windows-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5">
<generator>
<oval:product_name>The OVAL Repository</oval:product_name>
<oval:schema_version>5.6</oval:schema_version>
<oval:timestamp>2009-09-24T09:10:18.227-04:00</oval:timestamp>
</generator>
<definitions>
<definition id="oval:org.secpod.oval:def:91011" version="1" class="vulnerability">
<metadata>
<title>Apple Safari Cross-site scripting (XSS) vulnerability.</title>
<affected family="windows">
<platform>Microsoft Windows XP</platform>
<platform>Microsoft Windows Vista</platform>
<product>Apple Safari</product>
</affected>
<reference source="CVE" ref_id="CVE-2009-1724" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1724"/>
<description>Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.</description>
<oval_repository>
<dates>
<submitted date="2009-09-24T09:00:11">
<contributor organization="SecPod Technologies">Prabhu.S.A</contributor>
</submitted>
</dates>
<status>INITIAL SUBMISSION</status>
</oval_repository>
</metadata>
<criteria operator="OR">
<criteria operator="AND">
<criteria operator="OR">
<extend_definition comment="Microsoft Windows XP (x86) SP2 is installed" definition_ref="oval:org.mitre.oval:def:754"/>
<extend_definition comment="Microsoft Windows XP (x86) SP3 is installed" definition_ref="oval:org.mitre.oval:def:5631"/>
<extend_definition comment="Microsoft Windows Vista (32-bit) is installed" definition_ref="oval:org.mitre.oval:def:1282"/>
<extend_definition comment="Microsoft Windows Vista (32-bit) Service Pack 1 is installed" definition_ref="oval:org.mitre.oval:def:4873"/>
</criteria>
<criterion comment="Safari.exe version is less than 4.530.19.1 (4.0.2)" test_ref="oval:org.secpod.oval:tst:91013"/>
</criteria>
</criteria>
</definition>
<definition id="oval:org.secpod.oval:def:91012" version="1" class="vulnerability">
<metadata>
<title>Apple Safari WebKit Numeric Character References Remote Memory Corruption Vulnerability.</title>
<affected family="windows">
<platform>Microsoft Windows XP</platform>
<platform>Microsoft Windows Vista</platform>
<product>Apple Safari</product>
</affected>
<reference source="CVE" ref_id="CVE-2009-1725" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1725"/>
<description>WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.</description>
<oval_repository>
<dates>
<submitted date="2009-09-24T09:00:11">
<contributor organization="SecPod Technologies">Prabhu.S.A</contributor>
</submitted>
</dates>
<status>INITIAL SUBMISSION</status>
</oval_repository>
</metadata>
<criteria operator="OR">
<criteria operator="AND">
<criteria operator="OR">
<extend_definition comment="Microsoft Windows XP (x86) SP2 is installed" definition_ref="oval:org.mitre.oval:def:754"/>
<extend_definition comment="Microsoft Windows XP (x86) SP3 is installed" definition_ref="oval:org.mitre.oval:def:5631"/>
<extend_definition comment="Microsoft Windows Vista (32-bit) is installed" definition_ref="oval:org.mitre.oval:def:1282"/>
<extend_definition comment="Microsoft Windows Vista (32-bit) Service Pack 1 is installed" definition_ref="oval:org.mitre.oval:def:4873"/>
</criteria>
<criterion comment="Safari.exe version is less than 4.530.19.1 (4.0.2)" test_ref="oval:org.secpod.oval:tst:91013"/>
</criteria>
</criteria>
</definition>
<definition id="oval:org.mitre.oval:def:754" version="2" class="inventory">
<metadata>
<title>Microsoft Windows XP (x86) SP2 is installed</title>
<affected family="windows">
<platform>Microsoft Windows XP</platform>
</affected>
<reference source="CPE" ref_id="cpe:/o:microsoft:windows_xp::sp2:x86"/>
<description>A version of Microsoft Windows XP (x86) Service Pack 2 is installed.</description>
<oval_repository>
<dates>
<submitted date="2007-03-05T09:00:00">
<contributor organization="The MITRE Corporation">Andrew Buttner</contributor>
</submitted>
<status_change date="2007-03-05T09:00:00">DRAFT</status_change>
<status_change date="2007-03-21T16:17:26.869-04:00">INTERIM</status_change>
<status_change date="2007-04-10T13:44:28.583-04:00">ACCEPTED</status_change>
<modified comment="Changed the CPE reference" date="2008-04-04T11:17:00.434-04:00">
<contributor organization="The MITRE Corporation">Andrew Buttner</contributor>
</modified>
<status_change date="2008-04-04T11:29:22.458-04:00">INTERIM</status_change>
<status_change date="2008-04-21T04:00:24.359-04:00">ACCEPTED</status_change>
</dates>
<status>ACCEPTED</status>
</oval_repository>
</metadata>
<criteria operator="AND">
<criterion comment="the installed operating system is part of the Microsoft Windows family" test_ref="oval:org.mitre.oval:tst:99"/>
<criterion comment="a version of Microsoft Windows XP is installed" test_ref="oval:org.mitre.oval:tst:3"/>
<criterion comment="a version of Windows for the x86 architecture is installed" test_ref="oval:org.mitre.oval:tst:3823"/>
<criterion comment="Win2K/XP/2003 service pack 2 is installed" test_ref="oval:org.mitre.oval:tst:3019"/>
</criteria>
</definition>
<definition id="oval:org.mitre.oval:def:5631" version="1" class="inventory">
<metadata>
<title>Microsoft Windows XP (x86) SP3 is installed</title>
<affected family="windows">
<platform>Microsoft Windows XP</platform>
</affected>
<reference source="CPE" ref_id="cpe:/o:microsoft:windows_xp::sp3:x86"/>
<description>A version of Microsoft Windows XP (x86) Service Pack 3 is installed.</description>
<oval_repository>
<dates>
<submitted date="2008-06-10T14:50:00">
<contributor organization="Secure Elements, Inc.">Sudhir Gandhe</contributor>
</submitted>
<status_change date="2008-06-12T13:58:47.155-04:00">DRAFT</status_change>
<status_change date="2008-06-30T04:00:18.370-04:00">INTERIM</status_change>
<status_change date="2008-07-21T04:00:18.901-04:00">ACCEPTED</status_change>
</dates>
<status>ACCEPTED</status>
</oval_repository>
</metadata>
<criteria operator="AND">
<criterion comment="the installed operating system is part of the Microsoft Windows family" test_ref="oval:org.mitre.oval:tst:99"/>
<criterion comment="a version of Microsoft Windows XP is installed" test_ref="oval:org.mitre.oval:tst:3"/>
<criterion comment="a version of Windows for the x86 architecture is installed" test_ref="oval:org.mitre.oval:tst:3823"/>
<criterion comment="Win2K/XP/2003 service pack 3 is installed" test_ref="oval:org.mitre.oval:tst:7814"/>
</criteria>
</definition>
<definition id="oval:org.mitre.oval:def:4873" version="1" class="inventory">
<metadata>
<title>Microsoft Windows Vista (32-bit) Service Pack 1 is installed</title>
<affected family="windows">
<platform>Microsoft Windows Vista</platform>
</affected>
<reference source="CPE" ref_id="cpe:/o:microsoft:windows_vista::sp1:x86"/>
<description>The operating system installed on the system is Microsoft Windows Vista (32-bit) Service Pack 1</description>
<oval_repository>
<dates>
<submitted date="2008-03-26T10:44:02">
<contributor organization="Secure Elements, Inc.">Sudhir Gandhe</contributor>
</submitted>
<status_change date="2008-03-26T16:27:29.495-04:00">DRAFT</status_change>
<modified comment="Changed the CPE reference" date="2008-04-04T11:17:00.108-04:00">
<contributor organization="The MITRE Corporation">Andrew Buttner</contributor>
</modified>
<status_change date="2008-04-21T04:00:20.428-04:00">INTERIM</status_change>
<status_change date="2008-05-12T04:00:14.497-04:00">ACCEPTED</status_change>
</dates>
<status>ACCEPTED</status>
</oval_repository>
</metadata>
<criteria>
<criterion comment="the installed operating system is part of the Microsoft Windows family" test_ref="oval:org.mitre.oval:tst:99"/>
<criterion comment="Windows Vista is installed" test_ref="oval:org.mitre.oval:tst:7914"/>
<criterion negate="true" comment="a version of Windows for the x64 architecture is installed" test_ref="oval:org.mitre.oval:tst:3653"/>
<criterion comment="Win2K/XP/2003/Vista service pack 1 is installed" test_ref="oval:org.mitre.oval:tst:2843"/>
</criteria>
</definition>
<definition id="oval:org.mitre.oval:def:1282" version="2" class="inventory">
<metadata>
<title>Microsoft Windows Vista (32-bit) is installed</title>
<affected family="windows">
<platform>Microsoft Windows Vista</platform>
</affected>
<reference source="CPE" ref_id="cpe:/o:microsoft:windows_vista:::x86"/>
<description>The operating system installed on the system is Microsoft Windows Vista (32-bit)</description>
<oval_repository>
<dates>
<submitted date="2007-04-11T11:27:37.975-04:00">
<contributor organization="The MITRE Corporation">Jonathan Baker</contributor>
</submitted>
<status_change date="2007-04-11T12:15:00.000-04:00">DRAFT</status_change>
<status_change date="2007-04-30T08:18:46.566-04:00">INTERIM</status_change>
<status_change date="2007-05-23T15:05:26.800-04:00">ACCEPTED</status_change>
<modified comment="Vista test updated because of the conflictions with Server 2008" date="2008-03-26T10:51:02.210-04:00">
<contributor organization="Secure Elements, Inc.">Sudhir Gandhe</contributor>
</modified>
<status_change date="2008-03-31T04:00:20.410-04:00">INTERIM</status_change>
<modified comment="Changed the CPE reference" date="2008-04-04T11:17:00.749-04:00">
<contributor organization="The MITRE Corporation">Andrew Buttner</contributor>
</modified>
<status_change date="2008-04-21T04:00:11.683-04:00">ACCEPTED</status_change>
</dates>
<status>ACCEPTED</status>
</oval_repository>
</metadata>
<criteria>
<criterion comment="the installed operating system is part of the Microsoft Windows family" test_ref="oval:org.mitre.oval:tst:99"/>
<criterion comment="Windows Vista is installed" test_ref="oval:org.mitre.oval:tst:7914"/>
<criterion negate="true" comment="a version of Windows for the x64 architecture is installed" test_ref="oval:org.mitre.oval:tst:3653"/>
</criteria>
</definition>
</definitions>
<tests>
<registry_test id="oval:org.mitre.oval:tst:3019" version="1" comment="Win2K/XP/2003 service pack 2 is installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<object object_ref="oval:org.mitre.oval:obj:717"/>
<state state_ref="oval:org.mitre.oval:ste:2827"/>
</registry_test>
<registry_test id="oval:org.mitre.oval:tst:7814" version="1" comment="Win2K/XP/2003 service pack 3 is installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<object object_ref="oval:org.mitre.oval:obj:717"/>
<state state_ref="oval:org.mitre.oval:ste:3794"/>
</registry_test>
<registry_test id="oval:org.mitre.oval:tst:3823" version="1" comment="a version of Windows for the x86 architecture is installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<object object_ref="oval:org.mitre.oval:obj:1576"/>
<state state_ref="oval:org.mitre.oval:ste:3649"/>
</registry_test>
<registry_test id="oval:org.mitre.oval:tst:3" version="1" comment="a version of Microsoft Windows XP is installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<object object_ref="oval:org.mitre.oval:obj:123"/>
<state state_ref="oval:org.mitre.oval:ste:3"/>
</registry_test>
<registry_test id="oval:org.mitre.oval:tst:2843" version="1" comment="Win2K/XP/2003/Vista service pack 1 is installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<object object_ref="oval:org.mitre.oval:obj:717"/>
<state state_ref="oval:org.mitre.oval:ste:2662"/>
</registry_test>
<family_test id="oval:org.mitre.oval:tst:99" version="1" comment="the installed operating system is part of the Microsoft Windows family" check_existence="at_least_one_exists" check="only one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
<object object_ref="oval:org.mitre.oval:obj:99"/>
<state state_ref="oval:org.mitre.oval:ste:99"/>
</family_test>
<registry_test id="oval:org.mitre.oval:tst:7914" version="1" comment="Windows Vista is installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<object object_ref="oval:org.mitre.oval:obj:5590"/>
<state state_ref="oval:org.mitre.oval:ste:3828"/>
</registry_test>
<registry_test id="oval:org.mitre.oval:tst:3653" version="2" comment="a version of Windows for the x64 architecture is installed" check_existence="at_least_one_exists" check="at least one" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<object object_ref="oval:org.mitre.oval:obj:1576"/>
<state state_ref="oval:org.mitre.oval:ste:3180"/>
</registry_test>
<file_test id="oval:org.secpod.oval:tst:91013" version="1" comment="Safari.exe version is less than 4.530.19.1 (4.0.2)" check_existence="at_least_one_exists" check="all" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<object object_ref="oval:org.mitre.oval:obj:6668"/>
<state state_ref="oval:org.secpod.oval:ste:91013"/>
</file_test>
</tests>
<objects>
<registry_object id="oval:org.mitre.oval:obj:123" version="1" comment="Registry key that hold the current windows os version" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<hive>HKEY_LOCAL_MACHINE</hive>
<key>SOFTWARE\Microsoft\Windows NT\CurrentVersion</key>
<name>CurrentVersion</name>
</registry_object>
<registry_object id="oval:org.mitre.oval:obj:717" version="1" comment="This registry key holds the service pack installed on the host if one is present." xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<hive>HKEY_LOCAL_MACHINE</hive>
<key>SOFTWARE\Microsoft\Windows NT\CurrentVersion</key>
<name>CSDVersion</name>
</registry_object>
<family_object id="oval:org.mitre.oval:obj:99" version="1" comment="This is the default family object. Only one family object should exist." xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"/>
<registry_object id="oval:org.mitre.oval:obj:5590" version="1" comment="This registry key ProductName" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<hive>HKEY_LOCAL_MACHINE</hive>
<key>SOFTWARE\Microsoft\Windows NT\CurrentVersion</key>
<name>ProductName</name>
</registry_object>
<registry_object id="oval:org.mitre.oval:obj:1576" version="1" comment="This registry key identifies the architecture on the system" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<hive>HKEY_LOCAL_MACHINE</hive>
<key>SYSTEM\CurrentControlSet\Control\Session Manager\Environment</key>
<name>PROCESSOR_ARCHITECTURE</name>
</registry_object>
<file_object id="oval:org.mitre.oval:obj:6668" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<path var_ref="oval:org.mitre.oval:var:24" var_check="all"/>
<filename>Safari.exe</filename>
</file_object>
<registry_object id="oval:org.mitre.oval:obj:6703" version="1" comment="The registry key that holds the location of the program files directory." xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<hive>HKEY_LOCAL_MACHINE</hive>
<key>SOFTWARE\Apple Computer, Inc.\Safari</key>
<name>InstallDir</name>
</registry_object>
</objects>
<states>
<registry_state id="oval:org.mitre.oval:ste:2827" version="1" comment="The registry key has a value of Service Pack 2" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<value>Service Pack 2</value>
</registry_state>
<registry_state id="oval:org.mitre.oval:ste:3794" version="1" comment="The registry key has a value of Service Pack 3" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<value>Service Pack 3</value>
</registry_state>
<registry_state id="oval:org.mitre.oval:ste:3649" version="1" comment="x86 architecture" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<value>x86</value>
</registry_state>
<registry_state id="oval:org.mitre.oval:ste:3" version="1" comment="The registry key has a value of 5.1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<value>5.1</value>
</registry_state>
<registry_state id="oval:org.mitre.oval:ste:2662" version="1" comment="The registry key has a value of Service Pack 1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<value>Service Pack 1</value>
</registry_state>
<family_state id="oval:org.mitre.oval:ste:99" version="1" comment="Microsoft Windows family" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
<family>windows</family>
</family_state>
<registry_state id="oval:org.mitre.oval:ste:3828" version="1" comment="The registry key matches with Vista" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<value operation="pattern match">.*[Vv]ista.*</value>
</registry_state>
<registry_state id="oval:org.mitre.oval:ste:3180" version="2" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<value>amd64</value>
</registry_state>
<file_state id="oval:org.secpod.oval:ste:91013" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#windows">
<version datatype="version" operation="less than">4.530.19.1</version>
</file_state>
</states>
<variables>
<local_variable id="oval:org.mitre.oval:var:24" version="1" comment="Safari Directory" datatype="string">
<concat>
<object_component item_field="value" object_ref="oval:org.mitre.oval:obj:6703"/>
<literal_component>\</literal_component>
</concat>
</local_variable>
</variables>
</oval_definitions>

bakerj

Re: OVAL for Safari

Reply Threaded

Some javascript/style in this post has been disabled (why?)

Thanks for the new definition. The oval repository has now been updated and this definition is available for further community review.

Thanks,

Jon

============================================

Jonathan O. Baker

G022 - IA Industry Collaboration

The MITRE Corporation

Email: [hidden email]

From: prabhu [mailto:[hidden email]]
Sent: Thursday, September 24, 2009 4:06 AM
To: oval-discussion-list OVAL Discussion List/Closed Public Discussi
Subject: [OVAL-DISCUSSION-LIST] OVAL for Safari

Vulnerability Definitions for Safari for windows.

Thanks & Regards,

Prabhu.S.A

www.secpod.com

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DISCUSSION-LIST in the BODY of the message. If you have difficulties, write to [hidden email].