cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
marc_dub
Engaged Sweeper II
Due to the recent Bash vulnerability I am running reports but the Bash software version only displays 3.2 as an example but when we check locally the version is 3.2.25 why would this be displayed.

www.webroot.com
1 ACCEPTED SOLUTION
sukaitsu
Champion Sweeper
I wrote this SQL Query, and it helped us narrow down vulnerable machines.

Linux: ShellShock Vulnerable ()


Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tsysAssetTypes.AssetTypename,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblLinuxSystem.OSRelease,
tblAssets.IPAddress,
tblSoftwareUni.softwareName,
tblLinuxSoftware.Version,
tblLinuxSoftware.InstallDate,
tblLinuxSoftware.LastChanged
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblLinuxSoftware On tblAssets.AssetID = tblLinuxSoftware.AssetID
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID =
tblLinuxSoftware.SoftwareUniID
Inner Join tblLinuxSystem On tblAssets.AssetID = tblLinuxSystem.AssetID
Where ((tblSoftwareUni.softwareName Like '%cgi%') Or
(tblSoftwareUni.softwareName = 'bash' And
DateDiff(day, tblLinuxSoftware.LastChanged, '2014-09-24') > 0)) And
tblAssetCustom.State = 1 And tblAssets.Assettype = 11
Order By tblAssets.AssetName
Thank you, Jeffrey Smith Enterprise Applications Security (319) 499-6310 JefSmith@geico.com

View solution in original post

2 REPLIES 2
sukaitsu
Champion Sweeper
I wrote this SQL Query, and it helped us narrow down vulnerable machines.

Linux: ShellShock Vulnerable ()


Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tsysAssetTypes.AssetTypename,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblLinuxSystem.OSRelease,
tblAssets.IPAddress,
tblSoftwareUni.softwareName,
tblLinuxSoftware.Version,
tblLinuxSoftware.InstallDate,
tblLinuxSoftware.LastChanged
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblLinuxSoftware On tblAssets.AssetID = tblLinuxSoftware.AssetID
Inner Join tblSoftwareUni On tblSoftwareUni.SoftID =
tblLinuxSoftware.SoftwareUniID
Inner Join tblLinuxSystem On tblAssets.AssetID = tblLinuxSystem.AssetID
Where ((tblSoftwareUni.softwareName Like '%cgi%') Or
(tblSoftwareUni.softwareName = 'bash' And
DateDiff(day, tblLinuxSoftware.LastChanged, '2014-09-24') > 0)) And
tblAssetCustom.State = 1 And tblAssets.Assettype = 11
Order By tblAssets.AssetName
Thank you, Jeffrey Smith Enterprise Applications Security (319) 499-6310 JefSmith@geico.com
sukaitsu
Champion Sweeper
Lansweeper's API uses # rpm -qa to gather the installed software on Linux assets. The result from that command is what gets populated into the database.
Thank you, Jeffrey Smith Enterprise Applications Security (319) 499-6310 JefSmith@geico.com