OVAL interpreter v5.6.1 released

Open Vulnerability and Assessment Language (OVALâ„¢) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community.

GIF - 4.8 kb

Changelog :

  • Updated to support version 5.6 of the OVAL Language.
  • Added support for the win-def:printereffectiverights_test.
  • Updated the win-def:activedirectory_test so that it aligns with Version 5.6 of the OVAL Language.
  • Closed the OVAL float datatype bug in the EntityComparator::CompareFloat() method.
  • Added support for the win-def:serviceeffectiverights_test.
  • Fixed a bug in the ind-def:xmlfilecontent_test probe that caused it to report errors on valid XPath expressions.
  • Fixed a bug in the Common::GetXSLFilename() method that caused it to always add the schema path to the input provided with the ’-t’ command line argument.
  • Fixed a bug in the win-def:activedirectory_test probe that caused it to fail when connecting to certain Active Directories. This bug was fixed by specifying the DNS name of the server in the LDAP ADsPath.
  • Fixed a bug in the FileEffectiveRightsProbe::GetEffectiveRights() method that caused the generic_read, generic_write, and generic_execute entities to be set incorrectly.
  • Fixed a bug in the FileEffectiveRights53Probe::GetEffectiveRights() method that caused the generic_read, generic_write, and generic_execute entities to be set incorrectly.
  • Added support for registry behaviors.
  • Updated the win-def:registry_test to support registry behaviors.
  • Added support for the win-def:regkeyeffectiverights_test.
  • Added support for the win-def:regkeyeffectiverights53_test.
  • Added support for the unix-def:password_test.
  • Corrected bug in RunLevelProbe causing Kill or Start scripts appearing with incorrect values in the results.xml file.

Post scriptum

Compliance Mandates

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Comments

Related Articles

Configurations checks
Local auditing
OVAL
Vulnerability Scanner