這兩年英國、新加坡、歐盟都有滿多資安相關的議題,例如英國 Product Security and Telecommunications Infrastructure (PSTI) 產品安全和電信基礎設施法案在 2024.04 生效,現在則幫忙公司處理歐盟 2025年夏天要推進的無線設備指令—委託法案 (Radio Equipment Directive – Delegated Act, 簡稱 RED-DA )
已知的粗略資訊:
- 商品若有聯網功能,需要依照 RED-DA 的要求自我檢驗一番,才能把商品賣進歐盟國家
- 尚未有中央單位負責檢驗,各大品牌找一些值得信任檢驗單位,請他們檢驗商品出檢驗報告,未來商品進歐盟時,被要求提供報告時,可以拿出來用
- 使用 OpenVAS Scanner 等類似工具對聯網設備進行弱點掃描
- 請開發者整理產品用到了相關 libraries ,透過 CVE 資料庫進行查詢,若發現有漏洞就評估該怎樣更新
- 若像 WIFI AP 提供 http://192.168.1.1 登入後台使用,那至少必須改提供 https://192.168.1.1 自簽憑證方案
C:\Users\User>docker run -p 8443:443 --name openvas mikesplain/openvas
Unable to find image 'mikesplain/openvas:latest' locally
latest: Pulling from mikesplain/openvas
34667c7e4631: Pull complete
d18d76a881a4: Pull complete
119c7358fbfc: Pull complete
2aaf13f3eff0: Pull complete
67b182362ac2: Pull complete
c878d3d5e895: Pull complete
ec12cc49fe18: Pull complete
c4c454aeebef: Pull complete
27d3410150b2: Pull complete
e08d578dc278: Pull complete
44951337cd32: Pull complete
8c7fe885e62a: Pull complete
a4f833680e45: Pull complete
Digest: sha256:23c8412b5f9f370ba71e5cd3db36e6f2e269666cd8a3e3e7872f20f8063b2752
Status: Downloaded newer image for mikesplain/openvas:latest
Testing redis status...
Redis not yet ready...
Redis ready.
Checking for empty volume
Restarting services
* Restarting openvas-scanner openvassd
...done.
* Restarting openvas-manager openvasmd
...done.
* Restarting openvas-gsa gsad
...done.
Reloading NVTs
Rebuilding NVT cache... done.
Checking setup
openvas-check-setup 2.3.3
Test completeness and readiness of OpenVAS-9
Please report us any non-detected problems and
help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
Use the parameter --server to skip checks for client tools
like GSD and OpenVAS-CLI.
Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 5.1.3.
OK: OpenVAS Scanner CA Certificate is present as .
...
接著就在本機開啟 https://localhost:8443/ 來運作:
添加一則 task (左上角的紫色 icon ) -> 指定設備的 IP -> 右下角有 Actions 記得按下 Play icon
最後,把玩一下小工具:pypi.org/project/cve-vulnerability-scanner/
% NVD_API_KEY='XXXX-XXXX-XXXX-XXXX' cve-vulnerability-scanner -p zlib -v 1.2.13 -o /tmp/output.md ; cat /tmp/output.md
Scanning zlib version 1.2.13
Loading cached data for zlib
Scan complete. Report generated in /tmp/output.md
# Security Vulnerability Report
Generated on: 2024-11-09 08:53:47
## zlib 1.2.13
### CVE-2023-45853
Severity: CRITICAL
CVSS Score: 9.8
Version Range: * to 1.3
Published: 2023-10-14T02:15:09.323
Last Modified: 2024-08-01T13:44:58.990
Description: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
### CVE-2023-48106
Severity: HIGH
CVSS Score: 8.8
Version Range: * to *
Published: 2023-11-22T18:15:09.630
Last Modified: 2023-12-02T00:27:03.327
Description: Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_resolve function in the mz_os.c file.
### CVE-2023-48107
Severity: HIGH
CVSS Score: 8.8
Version Range: * to *
Published: 2023-11-22T23:15:10.663
Last Modified: 2023-12-27T04:15:07.277
Description: Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os.c file.
### CVE-2023-6992
Severity: MEDIUM
CVSS Score: 5.5
Version Range: * to 2023-11-16
Published: 2024-01-04T12:15:23.690
Last Modified: 2024-01-10T01:14:35.027
Description: Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow.
A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software.
Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.
### CVE-2003-0107
Severity: UNKNOWN
CVSS Score: 0.0
Version Range: * to *
Published: 2003-03-07T05:00:00.000
Last Modified: 2022-06-22T16:40:46.327
Description: Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.
### CVE-2004-0797
Severity: UNKNOWN
CVSS Score: 0.0
Version Range: * to *
Published: 2004-10-20T04:00:00.000
Last Modified: 2022-06-22T16:40:46.360
Description: The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash).
### CVE-2005-2096
Severity: UNKNOWN
CVSS Score: 0.0
Version Range: * to *
Published: 2005-07-06T04:00:00.000
Last Modified: 2022-06-22T16:40:46.413
Description: zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.
### CVE-2005-1849
Severity: UNKNOWN
CVSS Score: 0.0
Version Range: * to *
Published: 2005-07-26T04:00:00.000
Last Modified: 2022-06-22T16:40:46.380
Description: inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
### CVE-2009-1391
Severity: UNKNOWN
CVSS Score: 0.0
Version Range: * to 2.015
Published: 2009-06-16T23:30:00.203
Last Modified: 2018-10-03T22:00:28.997
Description: Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.
### CVE-2009-1391
Severity: UNKNOWN
CVSS Score: 0.0
Version Range: * to *
Published: 2009-06-16T23:30:00.203
Last Modified: 2018-10-03T22:00:28.997
Description: Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.
這工具純把玩,困難之處就是做 version 和 library name 比對,這工具純示意,仍有非常大進步的空間,甚至該把這空間交給專業的資安公司就好,畢竟這是個分工的時代,且需要大量的人力檢視 Orz
沒有留言:
張貼留言