Jump to content
OBK

Duplicate entry Software Vulnerability

Recommended Posts

Hi,

on one device I have under properties duplicate entries for a Software vulnerability. One entry with "Show only vulnerabilities that can be fixed" enabled and the same entry as second entry when "Show only vulnerabilities that can be fixed" disabled.

 

more details: see https://www.magentacloud.de/lnk/xRh5k7iA

Kind regards,

OBK

Share this post


Link to post

Hello,

please attach KSC server  and console traces with the following scenario :

- uncheck "Show only vulnerabilities that can be fixed"

- enable traces

- open computer properties

- click tab with the same two vulnerabilities

- open properties of every vulnerability one-by-one

- close computer properties

- disable traces.

Thank you.

 

Share this post


Link to post
Am ‎05‎.‎01‎.‎2018 um 17:13 schrieb Dmitry Eremeev:

please attach KSC server  and console traces with the following scenario :

- uncheck "Show only vulnerabilities that can be fixed"

I don't understand the first step "uncheck Show only vulnerabilites that can be fixed". Do you mean a section in the filter of the ksc? There I only find a filter "Fix available: Yes/No". Do you mean this?

Share this post


Link to post
On 05.01.2018 at 1:05 PM, OBK said:

Hi,

on one device I have under properties duplicate entries for a Software vulnerability. One entry with "Show only vulnerabilities that can be fixed" enabled and the same entry as second entry when "Show only vulnerabilities that can be fixed" disabled.

 

more details: see https://www.magentacloud.de/lnk/xRh5k7iA

Kind regards,

OBK

Hello.

This means unchecking the filter as on the provided video, so that all entries are displayed.

Do the entries persist after another Vulnerability scan? If so, please include the scan task in the traces, before the described steps.

Thank you.

 

Share this post


Link to post
Am ‎05‎.‎01‎.‎2018 um 17:13 schrieb Dmitry Eremeev:

please attach KSC server  and console traces with the following scenario :

- uncheck "Show only vulnerabilities that can be fixed"

- enable traces

- open computer properties

- click tab with the same two vulnerabilities

- open properties of every vulnerability one-by-one

- close computer properties

- disable traces.

I did the following:

- enable traces

- Create and run a Task "Find vulnerabilities ..."

- open computer properties

- uncheck "Show only vulnerabilities that can be fixed"

- click tab with the same two vulnerabilities

- open properties of every vulnerability one-by-one

- close computer properties

- disable traces.

For traces please refer to https://www.magentacloud.de/lnk/N0B5EaFN

Kind regards,

OBK

Share this post


Link to post
On 09.01.2018 at 6:13 PM, OBK said:

I did the following:

- enable traces

- Create and run a Task "Find vulnerabilities ..."

- open computer properties

- uncheck "Show only vulnerabilities that can be fixed"

- click tab with the same two vulnerabilities

- open properties of every vulnerability one-by-one

- close computer properties

- disable traces.

For traces please refer to https://www.magentacloud.de/lnk/N0B5EaFN

Kind regards,

OBK

The developer needs the following data to investigate:

1. Export of the list of instances for each of the duplicate vulnerabilities
2. From the host in question, archive of the folder:
%AllUsersProfile%\KasperskyLab\adminkit\1103\NlstCollectorStorage\VapmNetworkList
3. Results of the attached request (unpack archive to folder and start run.bat as admin on the KSC host)

Thank you.

 

req2564073.zip

Share this post


Link to post
vor 3 Stunden schrieb Kirill Tsapovsky:

1. Export of the list of instances for each of the duplicate vulnerabilities

What do you mean with instances?

vor 3 Stunden schrieb Kirill Tsapovsky:

2. From the host in question, archive of the folder:
%AllUsersProfile%\KasperskyLab\adminkit\1103\NlstCollectorStorage\VapmNetworkList
3. Results of the attached request (unpack archive to folder and start run.bat as admin on the KSC host)

see attached files

result.txt

VapmNetworkList.zip

Share this post


Link to post

Hello. 

 

You can go to vulnerabilities, open one of the duplicate entries properties proceed to Vulnerability instances and use Export to File function. Do this for both duplicate entries.

Share this post


Link to post
Am ‎12‎.‎01‎.‎2018 um 15:10 schrieb Evgeny_E:

You can go to vulnerabilities, open one of the duplicate entries properties proceed to Vulnerability instances and use Export to File function. Do this for both duplicate entries.

I am so sorry. I didn't Isolate the device and now the update is installed and "repaired" the fault. If I see the fault at another device I'll continue. (I think it's not helpful for you to have the Export vulnerabilities without the faulty instances.)

Share this post


Link to post
vor einer Stunde schrieb OBK:

If I see the fault at another device I'll continue.

please refer to https://www.magentacloud.de/lnk/snBZEC5n

I did it like last time:

Am ‎09‎.‎01‎.‎2018 um 16:13 schrieb OBK:

- enable traces

- Create and run a Task "Find vulnerabilities ..."

- open computer properties

- uncheck "Show only vulnerabilities that can be fixed"

- click tab with the same two vulnerabilities

- open properties of every vulnerability one-by-one

- close computer properties

- disable traces

and added the files:

Am ‎11‎.‎01‎.‎2018 um 06:43 schrieb Kirill Tsapovsky:

1. Export of the list of instances for each of the duplicate vulnerabilities
2. From the host in question, archive of the folder:
%AllUsersProfile%\KasperskyLab\adminkit\1103\NlstCollectorStorage\VapmNetworkList
3. Results of the attached request (unpack archive to folder and start run.bat as admin on the KSC host)

Kind regards,

OBK

Share this post


Link to post
On 15.01.2018 at 2:26 PM, OBK said:

please refer to https://www.magentacloud.de/lnk/snBZEC5n

I did it like last time:

and added the files:

Kind regards,

OBK

Is the provided folder VapmNetworkList from device POBK6223?

1. Unfortunately, there are no script results in attachment, apparently because the script is host-sensitive, and the developer expected it to be POBK6249. In addition, they have updated the script (please find it in the attachment). Please unpack it to KSC host, go to req.sql, replace POBK6249 with POBK6223, run it and provide all the resulting files.

2. If the folder VapmNetworkList has been collected from a different host, or was updated since last time, please provide a new version. All data collected from a single host is required to investigate.

Current analysis shows that kla11122-1.csv and kla11122-2.csv belong to different vulnerability instances on the host (C:\Program Files\Java\jre1.8.0_144\bin\java.exe and C:\Program Files (x86)\Java\jre1.8.0_144\bin\java.exe) and even for different products (Java 8 Update 144 (64-bit) and Java(TM) Platform SE 8). Please clarify what the issue is with these entries.

Thank you.

req2564073_2.zip

Share this post


Link to post
vor 6 Stunden schrieb Kirill Tsapovsky:

Current analysis shows that kla11122-1.csv and kla11122-2.csv belong to different vulnerability instances on the host (C:\Program Files\Java\jre1.8.0_144\bin\java.exe and C:\Program Files (x86)\Java\jre1.8.0_144\bin\java.exe) and even for different products (Java 8 Update 144 (64-bit) and Java(TM) Platform SE 8).

Yes, the two entrys have the same Application name, but are two different products.

In properties of the computer I see two entries "Java(TM) Platform SE8". Both seems to be 32bit. One is shown as vulnerability that can be fixed and one as vunlerability that can not be fixed. When I click on each instance I see at Vulnerability instances: One is in path C:\Program Files\Java... and the other in path C:\Program Files (x86)\Java\...

vor 6 Stunden schrieb Kirill Tsapovsky:

Please clarify what the issue is with these entries.

The vulnerability scan should differ betweeen 32bit and 64 bit and should identify the two products with different names.

I think the problem begins earlier. In group Software updates are two entries "Java(TM) Platform SE 8 8.0.1610.12". But in the right window there is in entry Application family, but not an entry Application.

For example Mozilla Firefox 58.0 has a special entry Application, who differs between the two versions.

Kind regards,

OBK

Edited by OBK

Share this post


Link to post

The developer requires a screenshot or video from the host with an actual problem (POBK6223) which would indicate that two different vulnerabilities display the same in the host properties. Also, please provide the script results (xml, not just txt), as mentioned earlier.

Thank you.

Share this post


Link to post
vor 6 Stunden schrieb Kirill Tsapovsky:

The developer requires a screenshot or video from the host with an actual problem (POBK6223) which would indicate that two different vulnerabilities display the same in the host properties. Also, please provide the script results (xml, not just txt), as mentioned earlier.

please refer to https://www.magentacloud.de/lnk/Wlh5k1E3

I created a new video for POBK6207 and traces and the result of the SQL-script and ...

POBK6207 has two entries for KB11178. One is fixible /32-bit), one not (64-bit).

In Group "Software updates" you find to entries for Oracle Java JRE 1.8x 8.0.1610.12. One for 32bit and one for 64bit. (Today I have for both products in entry Application on the right side. This differ to last friday.)

So, there is a fix for 64-bit too!

In Group "Software vulnerabilites" you find several entries with KB11178. One for 32bit Java JRE 1.8x 8.0.1610.12 and one for Java 8 Update 151. Java 8 Update 151 doesn't appear in the properties of POBK6207.

Kind regards,

OBK

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.