OVAL Interpreter v5.6.4 released

Open Vulnerability and Assessment Language (OVAL) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services.

The OVAL Interpreter is a freely available reference implementation that demonstrates the evaluation of OVAL Definitions. Based on a set of Definitions the interpreter collects system information, evaluates it, and generates a detailed OVAL Results file.

The OVAL Interpreter has been updated to Version 5.6, Build 4.
Specific updates to the OVAL Interpreter included correcting some minor bugs.


Version 5.6 build 4

  • Added support for the unix-def:xinetd_test.
  • Added support for the unix-def:inetd_test.
  • Added the ability to specify a location for the log file using the ’-y’ command line option.
  • Fixed a bug in the Windows FileFinder::GetPathsForPattern() method that was causing the path value to be interpreted as a regular expression when the not equals operation was specified.
  • Fixed a heap corruption bug in the win-def:fileauditedpermissions_test, the win-def:fileeffectiverights_test, the win-def:regkeyauditedpermissions_test, and the win-def:regkeyeffectiverights_test that caused OVALDI to stop working under Windows Vista and caused Windows to trigger a breakpoint when run in debug mode.
  • Fixed a bug in Common::ParseDefinitionIdsString() caused by misuse of strtok.
  • Fixed a bug in the SubstringFunction::ComputeValue() method so that it now properly supports substring_start values that are less than 1.
  • Fixed a bug in the win-def:registry_test so that it properly supports the collection of a registry key’s default value.
  • Fixed a bug in the REGEX::EscapeRegexChars() method such that it escapes all regular expression characters regardless of whether or not the regular expression character has been escaped. As a result of this bug fix, the string ’\.test*?’ will evaluate to ’\\.test*\?’ instead of ’\.test*\?’.
  • Fixed a few bugs in WindowsCommon.cpp that caused OVALDI to go into an infinite loop during data collection. Thanks to Jens Miltner (http://sourceforge.net/users/jmiltner) for reporting these bugs and for providing the code to fix them.
  • Fixed a bug in the Common::GetDefinitionSchematronPath() method that would prefix the definition schematron path with the XML schema path even if the definition schematron path was specified resulting in an incorrect definition schematron path. Thanks to Tim Harrison (http://sourceforge.net/users/tharriso/) for reporting this bug and for explaining how this bug could be fixed.
  • Replaced all hashing functionality with OpenSSL via a new Digest class.
  • Added SHA-1 hash support to the ind-def:filehash_test.
  • Fixed a bug in the main() function that was causing the ’-p’ command line option to be ignored.
  • Fixed a bug in the Test::GetTestById() method that caused a test not to be found if the test in the OVAL definition used an XML namespace.
  • Fixed a bug in the State::GetStateById() method that caused a state not to be found if the state in the OVAL definition used an XML namespace.
  • Fixed a bug in the UNIX FileProbe::GetFileAttributes() method that was setting the isObjectEntity flag for the entities group_id, user_id, a_time, c_time, m_time, size, suid, sgid, sticky, uread, uwrite, uexec, gread, gwrite, gexec, oread, owrite, and oexec to true when they should have been set to false.
  • Fixed a bug in the UNIX FileProbe::GetFileAttributes() method so that it now sets the datatype of the size entity of the unix-sc:file_item to OvalEnum::DATATYPE_INTEGER.
  • Fixed a bug in the REGEX::GetConstantPortion() method such that it now works when the path separator character is also a regular expression character.
  • Changed all occurrences of the regular expression prefix optimization such that it is only applied when the regular expression begins with the ’^’ character.
  • Changed the REGEX::GetConstantPortion() method such that it takes the file separator as a character instead of a string.
  • Added support for the win-def:metabase_test.
  • Fixed a bug in the Linux FileFinder::GetFilesForPattern() method such that it will now collect regular files instead of any file that is not a regular file.
  • Fixed a bug in the Windows FileProbe::GetFileAttributes() method so that it now closes the file handle.
  • Fixed a bug in the Windows FileFinder::GetPathsForPattern() method such that it now adds the constant portion of the specified regular expression to the list of matching paths if the constant portion exists and matches the complete regular expression.
  • Added support for the xsd:choice structure on files which allows for the use of either the path and filename entities or the filepath entity.
  • Enabled the SE_BACKUP_NAME privilege when searching for files on Windows because it provides the interpreter with read access to all files and directories. Any other access attempts, with this privilege enabled, will still go through the ACL.
  • Added support for the ind-def:ldap_test.
  • Fixed a bug in AbsObjectCollector::Intersection() to ensure that the resulting set contains only unique items.
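
The regular expression prefix optimization entries above (REGEX::GetConstantPortion() and the '^' restriction) can be illustrated with a short C++ sketch. It is an added example, not the interpreter's code: `constantPrefix`, `matchPaths` and the sample paths are hypothetical. It shows why the constant portion may only narrow a file search when the pattern is anchored, and it handles a path separator that is also a regular expression character.

```cpp
#include <iostream>
#include <regex>
#include <string>
#include <vector>

// Hypothetical helper, not the interpreter's REGEX::GetConstantPortion(): returns
// the literal directory prefix every match must start with, or "" if none is safe.
std::string constantPrefix(const std::string& pattern, char sep) {
    const std::string meta = "\\^$.|?*+()[]{}";
    // An unanchored pattern can match anywhere in a path, and alternation can
    // offer a branch without the prefix: in both cases skip the optimization.
    if (pattern.empty() || pattern[0] != '^' ||
        pattern.find('|') != std::string::npos) return "";
    std::string lit;
    for (std::size_t i = 1; i < pattern.size(); ++i) {
        char c = pattern[i];
        bool esc = c == '\\' && i + 1 < pattern.size() &&
                   meta.find(pattern[i + 1]) != std::string::npos;
        if (esc) c = pattern[++i];  // escaped metacharacter is a literal
        if (esc || meta.find(c) == std::string::npos) { lit += c; continue; }
        // A quantifier makes the literal just before it optional or repeated.
        if (std::string("?*+{").find(c) != std::string::npos && !lit.empty())
            lit.pop_back();
        break;
    }
    std::size_t cut = lit.rfind(sep);  // keep only whole directory components
    return cut == std::string::npos ? "" : lit.substr(0, cut + 1);
}

// Cheap prefix comparison first; only survivors reach the regex engine.
std::vector<std::string> matchPaths(const std::vector<std::string>& paths,
                                    const std::string& pattern, char sep) {
    const std::string prefix = constantPrefix(pattern, sep);
    const std::regex re(pattern);
    std::vector<std::string> out;
    for (const auto& p : paths)
        if (p.compare(0, prefix.size(), prefix) == 0 && std::regex_search(p, re))
            out.push_back(p);
    return out;
}

// Constructed sample paths, not taken from any real system.
const std::vector<std::string> kPaths = {
    "/etc/xinetd.d/telnet", "/etc/xinetd.conf", "/backup/etc/xinetd.d/telnet"};

int main() {
    for (const char* pat : {"^/etc/xinetd\\.d/.*", "/etc/xinetd\\.d/.*"})
        std::cout << pat << " -> " << matchPaths(kPaths, pat, '/').size() << "\n";
}
```

Without the '^' check, the unanchored pattern would be searched only under /etc/xinetd.d/ and the match under /backup/ would be silently missed, which for a compliance check means an unreported finding.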


Post scriptum

Compliance Mandates

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

