CPE search does not works properly while searching for cpe:/a:supplier:software:version:

[boos]

On master, If I run

• ./vfeedcli.py -s cpe:/a:todd_miller:sudo:1.6

I'll get all CVE for versions 1.6.* and 1.6 but if I run

• ./vfeedcli.py -s cpe:/a:todd_miller:sudo:1.6**:**

I get ./vfeedcli.py -s cpe:/a:todd_miller:sudo:1.6:
[!] Occurrence not found

How should I made the search query if I want only CVE affecting version "1.6" only (i.e. not 1.6.x)

[toolswatch]

Hi Roberto,

It will not work because there is no CPE for cpe:/a:todd_miller:sudo:1.6:
Now if you want to get ONLY result for cpe:/a:todd_miller:sudo:1.6, you may
need to change the code in search.py

in line self.cur.execute("SELECT count(distinct cveid) from cve_cpe where
cpeid like ?", ('%' + self.cpe + '%',))
As for now, it seaches using the Like statement that's why you got all
occurrences that looks like cpe:/a:todd_miller:sudo:1.6

You may need to change that line and not use "like"

On Tue, Aug 30, 2016 at 5:55 PM, Roberto Martelloni <
[email protected]> wrote:

If I run

• ./vfeedcli.py -s cpe:/a:todd_miller:sudo:1.6

I'll get all CVE for versions 1.6.* but if I run

• ./vfeedcli.py -s cpe:/a:todd_miller:sudo:1.6_:_

I get ./vfeedcli.py -s cpe:/a:todd_miller:sudo:1.6:
[!] Occurrence not found

How should I made the search query if I want only CVE affecting version
"1.6" only (i.e. not 1.6.x)

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#68, or mute the thread
https://github.com/notifications/unsubscribe-auth/AAOqfN9v5MqsdAMqudvi4ZqJBHqt7yBOks5qlER3gaJpZM4Jwnxg
.

[boos]

Hi,

actually there is a cpe:/a:todd_miller:sudo:1.6 indeed searching with the following command:

$ ./vfeedcli.py -s cpe:/a:todd_miller:sudo:1.6'
.. cut some output here ..
[+] cpe:/a:todd_miller:sudo:1.6
|-> CVE-2002-0043
|-> CVE-2002-0184
|-> CVE-2004-1051
|-> CVE-2005-1119
|-> CVE-2005-1993
|-> CVE-2005-2959
|-> CVE-2005-4158
|-> CVE-2006-0151
|-> CVE-2007-4305
|-> CVE-2010-0426
|-> CVE-2010-0427
|-> CVE-2010-1646
|-> CVE-2011-0008
|-> CVE-2012-2337
|-> CVE-2013-1775
[!] Metasploit exploit found.
[!] Exploit-DB PoC found.
|-> CVE-2013-1776
|-> CVE-2013-2776
|-> CVE-2013-2777
[+] Printing search statistics for cpe:/a:todd_miller:sudo:1.6
[-] Total Unique CVEs [24]
[-] Total Found CPEs [89]

[toolswatch]

On Tue, Aug 30, 2016 at 6:58 PM, Roberto Martelloni <
[email protected]> wrote:

'./vfeedcli.py -s cpe:/a:todd_miller:sudo:1.6'

Looks like an injection :) Yeah it seems to work but it is not the good
way to do it. I will extend the search.py to take into account whether ones
need to look for exact occurrence of all derived products.

In fact, refer to what i wrote the search method
https://github.com/toolswatch/vFeed/wiki/2--Usage-(API-and-Command-Line)

Thanks Roberto for your feedback. I will update extend it.

NJ/

[boos]

Thank you. Will you mark the ticket as issue or enhancement/feature? ;P

[toolswatch]

i will mark it as enhancement
Thanks Roberto
On Aug 31, 2016 01:39, "Roberto Martelloni" [email protected]
wrote:

Thank you. Will you mark the ticket as issue or enhancement/feature? ;P

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
#68 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAOqfDUv34QgOQb9vlVDBBKzPW21dohBks5qlFf6gaJpZM4Jwnxg
.

[vfeedio]

CPE search does not works properly while searching for cpe:/a:supplier:software:version: #68

Hi
This lib is not maintained. Check the newest one https://github.com/vfeedio/pyvfeed