software.log

John,

Have you looked at policy/frameworks/software/vulnerable.bro[1]? It seems like it implements what you're looking to do. For example, here's what I have in my local.bro:

@load frameworks/software/vulnerable
global java_1_6_vuln: Software::VulnerableVersionRange = [$max=[$major=1,$minor=6,$minor2=0,$minor3=48]];
global java_1_7_vuln: Software::VulnerableVersionRange = [$min=[$major=1,$minor=7], $max=[$major=1,$minor=7,$minor2=0,$minor3=22]];

redef Software::vulnerable_versions += {
        ["Java"] = set(java_1_6_vuln, java_1_7_vuln)
};

See also: https://github.com/bro/bro/blob/master/NEWS#L313

What this does is define two ranges of vulnerable Java versions. The first is anything prior to 1.6.0.48 (including 1.5, 1.4, etc.). The second is anything between 1.7.0.0 and 1.7.0.22.

Of course, if you only care about 1.7.0.40, you can just define that as the min/max.

Does that help? Or was that not the functionality you were looking for?

  --Vlad

[1] - <https://github.com/bro/bro/blob/master/scripts/policy/frameworks/software/vulnerable.bro>
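
An added example, not part of the original message and not Bro's own code: a small Python model of how the two ranges in the local.bro snippet above classify observed Java versions, useful for sanity-checking a range before deploying it. It assumes both bounds are inclusive and that an unset component sorts below any set one; the function names and the sample version strings are constructed for illustration.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]                   # (major, minor, minor2, minor3)
Range = Tuple[Optional[Version], Version]   # (min or None, max)

# The two ranges from the local.bro snippet, transcribed by hand.
VULNERABLE: Dict[str, List[Range]] = {
    "Java": [
        (None, (1, 6, 0, 48)),       # java_1_6_vuln: no $min set
        ((1, 7), (1, 7, 0, 22)),     # java_1_7_vuln
    ],
}

def parse(text: str) -> Version:
    """Model simplification: take the first four digit runs,
    so '1.7.0_21' and '1.7.0.21' both become (1, 7, 0, 21)."""
    return tuple(int(p) for p in re.findall(r"\d+", text)[:4])

def _key(v: Version) -> Version:
    # Pad to four components; -1 marks "not set" (assumed to sort lowest).
    return tuple(v[:4]) + (-1,) * (4 - len(v[:4]))

def is_vulnerable(name: str, version: str) -> bool:
    """True if the version falls inside any range listed for this software.
    Assumption of this model: min and max are both inclusive."""
    v = _key(parse(version))
    for lo, hi in VULNERABLE.get(name, []):
        if v <= _key(hi) and (lo is None or v >= _key(lo)):
            return True
    return False

def classify(name: str, versions: List[str]) -> Dict[str, bool]:
    """Map each observed version string to its verdict."""
    return {v: is_vulnerable(name, v) for v in versions}

if __name__ == "__main__":
    # Constructed sample versions, not taken from a real software.log.
    observed = ["1.5.0_22", "1.6.0_48", "1.6.0_49", "1.7.0_21", "1.7.0_40"]
    for ver, hit in classify("Java", observed).items():
        print(f"Java {ver:10} {'VULNERABLE' if hit else 'ok'}")
```

Running it shows the gap between the two ranges (1.6.0_49 is not matched) and that 1.7.0_40 falls outside both, which is why a single-version range would be needed to catch it.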

Yes, this is exactly what I was looking for. I just didn't know how to go
about it. Thank you Vlad!

Care to send it to the list? I'd like to see it myself...thank you.

James