mirror of
https://github.com/empayre/fleet.git
synced 2024-11-07 01:15:22 +00:00
df5fa7f515
- Adds Detect Linux hosts with high severity vulnerable versions of OpenSSL to query handbook - Includes query to retrieve OpenSSL version - Includes query to retrieve OpenSSL version
3.6 KiB
3.6 KiB
Detect Linux hosts with high severity vulnerable versions of OpenSSL
Retrieves the OpenSSL version.
See the table below to determine if the installed version is a high severity vulnerability and view the corresponding CVE(s).
Support
Linux
Query
SELECT
name AS name,
version AS version,
'deb_packages' AS source
FROM deb_packages
WHERE
name LIKE 'openssl%'
UNION
SELECT
name AS name,
version AS version,
'apt_sources' AS source
FROM apt_sources
WHERE
name LIKE 'openssl%'
UNION
SELECT
name AS name,
version AS version,
'rpm_packages' AS source
FROM rpm_packages
WHERE
name LIKE 'openssl%';
Table of vulnerable OpenSSL versions
The table below includes the high severity vulnerabilities reported by OpenSSL.
| Versions | CVE |
|---|---|
| 1.1.1h-1.1.1j | CVE-2021-3450 |
| 1.1.1-1.1.1j | CVE-2021-3449 |
| 1.1.1-1.1.1h and 1.0.2-1.0.2w | CVE-2020-1971 |
| 1.1.1d-1.1.1f | CVE-2020-1967 |
| 1.1.1-1.1.1d and 1.0.2-1.0.2t | CVE-2019-1551 |
| 1.1.1-1.1.1c | CVE-2019-1549 |
| 1.1.0-1.1.0d | CVE-2017-3733 |
| 1.1.0-1.1.0b | CVE-2016-7054 |
| 1.1.0 and 1.0.2-1.0.2h and 1.0.1-1.0.1t | CVE-2016-6304 |
| 1.0.2-1.0.2b and 1.0.1-1.0.1n | CVE-2016-2108 |
| 1.0.2-1.0.2f and 1.0.1-1.0.1r | CVE-2016-0800 |
| 1.0.2 and 1.0.1-1.0.1l and 1.0.0-1.0.0q and 0.9.8-0.9.8ze | CVE-2016-0703 |
| 1.0.2-1.0.2e | CVE-2016-0701 |
| 1.0.2b-1.0.2c and 1.0.1n-1.0.1o | CVE-2015-1793 |
| 1.0.2 | CVE-2015-0291 |
| 1.0.1-1.0.1i | CVE-2014-3513 |
| 1.0.1-1.0.1h | CVE-2014-3511 |
| 1.0.1-1.0.1h | CVE-2014-3511 |
Purpose
Detection