cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
df1823
Engaged Sweeper II
Hi

I know this is probably a long shot but has anyone got a report (or being able to point me in the right direction) to search for machines that might be running libssh, so i can then see if they are vulnerable to CVE-2018-10933

Thanks
3 REPLIES 3
Esben_D
Lansweeper Employee
Lansweeper Employee
I had a few linux machines in my test environment that did have libSSH in the installed software. So I presume it shows up if it's installed.
df1823
Engaged Sweeper II
Thanks that didnt show up anything in the report, so i probed a little deeper and ran the report which shows devices with SSH enabled on them, then i ran various NMAP scripts to confirm that libSSH isnt running on those devices
Esben_D
Lansweeper Employee
Lansweeper Employee
I'm assuming that libSSH just shows up under installed software, if so, the following should work. Do note that the report isn't filtered on anything else but software name. I didn't really look into the vulnerability and which versions it affects.

Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblLinuxSystem.OSRelease,
tblSoftwareUni.softwareName,
tblLinuxSoftware.Version,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Left Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblLinuxSoftware On tblAssets.AssetID = tblLinuxSoftware.AssetID
Inner Join tblSoftwareUni On
tblSoftwareUni.SoftID = tblLinuxSoftware.SoftwareUniID
Inner Join tblLinuxSystem On tblAssets.AssetID = tblLinuxSystem.AssetID
Where tblSoftwareUni.softwareName Like '%LibSSH%' And tblState.Statename =
'Active'
Order By tblAssets.Domain,
tblAssets.AssetName