
e2e: Test openssl vulns in RHEL 9 #998


Merged
merged 9 commits into from
Nov 2, 2022
116 changes: 116 additions & 0 deletions e2etests/testcase_test.go
@@ -3415,6 +3415,122 @@ var testCases = []testCase{
},
},
expectedFeatures: []apiV1.Feature{
{
AddedBy: "sha256:2412e60e610160d090f7e974a208c6ffd26b2d530361b7c9aa8967e160ac7996",
Name: "openssl",
NamespaceName: "rhel:9",
Version: "1:3.0.1-23.el9_0.x86_64",
VersionFormat: "rpm",
FixedBy: "1:3.0.1-41.el9_0",
Vulnerabilities: []apiV1.Vulnerability{
{
Name: "CVE-2022-3602",
NamespaceName: "rhel:9",
Description: `DOCUMENTATION: A stack-based buffer overflow was found in the way OpenSSL processes X.509 certificates with a specially crafted email address field. This issue could cause a server or a client application compiled with OpenSSL to crash or possibly execute remote code when trying to process the malicious certificate.
STATEMENT: As per upstream, the most common situation where this can be triggered is when a server requests client authentication after a malicious client connects. A client connecting to a malicious server is also believed to be vulnerable in the same manner. Only OpenSSL versions 3.0.0 to 3.0.6 are vulnerable to this attack.`,
Link: "https://access.redhat.com/security/cve/CVE-2022-3602",
Severity: "Important",
Metadata: map[string]interface{}{
"Red Hat": map[string]interface{}{
"CVSSv2": map[string]interface{}{
"ExploitabilityScore": 0.0,
"ImpactScore": 0.0,
"Score": 0.0,
"Vectors": "",
},
"CVSSv3": map[string]interface{}{
"ExploitabilityScore": 2.8,
"ImpactScore": 5.9,
"Score": 8.8,
"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
},
},
},
},
{
Name: "CVE-2022-3786",
NamespaceName: "rhel:9",
Description: `DOCUMENTATION: A stack-based buffer overflow was found in the way OpenSSL processes X.509 certificates with a specially crafted email address field. This issue could cause a server or a client application compiled with OpenSSL to crash or possibly execute remote code when trying to process the malicious certificate.
STATEMENT: As per upstream, the most common situation where this can be triggered is when a server requests client authentication after a malicious client connects. A client connecting to a malicious server is also believed to be vulnerable in the same manner. Only OpenSSL versions 3.0.0 to 3.0.6 are vulnerable to this attack.`,
Link: "https://access.redhat.com/security/cve/CVE-2022-3786",
Severity: "Important",
Metadata: map[string]interface{}{
"Red Hat": map[string]interface{}{
"CVSSv2": map[string]interface{}{
"ExploitabilityScore": 0.0,
"ImpactScore": 0.0,
"Score": 0.0,
"Vectors": "",
},
"CVSSv3": map[string]interface{}{
"ExploitabilityScore": 3.9,
"ImpactScore": 3.6,
"Score": 7.5,
"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
},
},
},
},
},
},
{
AddedBy: "sha256:2412e60e610160d090f7e974a208c6ffd26b2d530361b7c9aa8967e160ac7996",
Name: "openssl-libs",
NamespaceName: "rhel:9",
Version: "1:3.0.1-23.el9_0.x86_64",
VersionFormat: "rpm",
FixedBy: "1:3.0.1-41.el9_0",
Vulnerabilities: []apiV1.Vulnerability{
{
Name: "CVE-2022-3602",
NamespaceName: "rhel:9",
Description: `DOCUMENTATION: A stack-based buffer overflow was found in the way OpenSSL processes X.509 certificates with a specially crafted email address field. This issue could cause a server or a client application compiled with OpenSSL to crash or possibly execute remote code when trying to process the malicious certificate.
STATEMENT: As per upstream, the most common situation where this can be triggered is when a server requests client authentication after a malicious client connects. A client connecting to a malicious server is also believed to be vulnerable in the same manner. Only OpenSSL versions 3.0.0 to 3.0.6 are vulnerable to this attack.`,
Link: "https://access.redhat.com/security/cve/CVE-2022-3602",
Severity: "Important",
Metadata: map[string]interface{}{
"Red Hat": map[string]interface{}{
"CVSSv2": map[string]interface{}{
"ExploitabilityScore": 0.0,
"ImpactScore": 0.0,
"Score": 0.0,
"Vectors": "",
},
"CVSSv3": map[string]interface{}{
"ExploitabilityScore": 2.8,
"ImpactScore": 5.9,
"Score": 8.8,
"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
},
},
},
},
{
Name: "CVE-2022-3786",
NamespaceName: "rhel:9",
Description: `DOCUMENTATION: A stack-based buffer overflow was found in the way OpenSSL processes X.509 certificates with a specially crafted email address field. This issue could cause a server or a client application compiled with OpenSSL to crash or possibly execute remote code when trying to process the malicious certificate.
STATEMENT: As per upstream, the most common situation where this can be triggered is when a server requests client authentication after a malicious client connects. A client connecting to a malicious server is also believed to be vulnerable in the same manner. Only OpenSSL versions 3.0.0 to 3.0.6 are vulnerable to this attack.`,
Link: "https://access.redhat.com/security/cve/CVE-2022-3786",
Severity: "Important",
Metadata: map[string]interface{}{
"Red Hat": map[string]interface{}{
"CVSSv2": map[string]interface{}{
"ExploitabilityScore": 0.0,
"ImpactScore": 0.0,
"Score": 0.0,
"Vectors": "",
},
"CVSSv3": map[string]interface{}{
"ExploitabilityScore": 3.9,
"ImpactScore": 3.6,
"Score": 7.5,
"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
},
},
},
},
},
},
{
AddedBy: "sha256:2412e60e610160d090f7e974a208c6ffd26b2d530361b7c9aa8967e160ac7996",
Name: "python3-urllib3",
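Review bot: the expected entries for CVE-2022-3602 and CVE-2022-3786 carry byte-identical Description text (the same DOCUMENTATION and STATEMENT paragraphs) while their CVSSv3 data differ (`"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"` at 8.8 versus `"Vectors": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"` at 7.5); please confirm against the Red Hat feed that the scanner really returns the same prose for 3786 rather than this being a copy of the 3602 block, since the assertion only holds if the feed text is literally shared. The full two-element Vulnerabilities slice is then repeated verbatim for `Name: "openssl-libs",` with the same `FixedBy: "1:3.0.1-41.el9_0",`; pulling it into a shared package-level variable would halve the diff and keep both features in sync the next time Red Hat rewords the advisory, which is the part of these expectations most likely to drift. Minor: the all-zero CVSSv2 blocks with `"Vectors": ""` are asserted explicitly, so a later feed change that drops the empty CVSSv2 map entirely will fail this case for a non-security reason; consider whether the existing RHEL cases in this file assert those zero blocks the same way before keeping them.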