[Bro] vulnerable.bro error on check

Vlad Grigorescu vladg at cmu.edu
Sat Jul 27 18:00:01 PDT 2013 

On Jul 27, 2013, at 7:00 PM, Tyler T. Schoenke <tyler.schoenke at colorado.edu> wrote:

>> fatal error in /opt/bro/share/bro/policy/frameworks/software/vulnerable.bro, line 41: BroType::AsRecordType (table/record) (set[record { min:record { major:count; minor:count; minor2:count; minor3:count; addl:string; }; max:record { major:count; minor:count; minor2:count; minor3:count; addl:string; }; }])
> 
> Not trying to hijack the thread, but ditto for me on the above message.  I just updated to git master today after running an old version for a long time.  Commenting out f/s/vulnerable in local.bro bypasses error.


The way vulnerable software is specified has changed to allow for more flexibility. Here's what my local.bro has, for example:

> global java_1_6_vuln: Software::VulnerableVersionRange = [$max=[$major=1,$minor=6,$minor2=0,$minor3=44]];
> global java_1_7_vuln: Software::VulnerableVersionRange = [$min=[$major=1,$minor=7], $max=[$major=1,$minor=7,$minor2=0,$minor3=20]];
> 
> redef Software::vulnerable_versions += {
>         ["Java"] = set(java_1_6_vuln, java_1_7_vuln)
> };

This defines any Java <= 1.6.0.44 and any Java >= 1.7 and <= 1.7.0.20 as vulnerable.

>From CHANGES:

>  2.1-366 | 2013-03-17 12:35:59 -0700
> 
>    * Improvements to vulnerable software detection. (Seth Hall)
>      
>       - Add a DNS based updating method.  This needs to be tested
>         still.
>  
>       - Vulnerable version ranges are used now instead of only single
>         versions.  This can deal with software with multiple stable
>         major versions.
>  
>    * Update software version parsing and comparison to account for a
>      third numeric subversion. Also, $addl is now compared numerically
>      if the value is actually numeric. (Seth Hall)

> Is it safe to assume accounts didn't get ported over to the new Tracker?

See: <http://blog.bro.org/2013/07/bug-tracker-migration.html>, specifically:

> The most significant thing users should note is that as part of the import in to JIRA, accounts have been created with the same usernames as were in Trac, however password resets need to be requested before they can be used to log in.  This can be done by selecting the "Unable to access your account?" link from the log in screen to request password reset instructions via email. 

Hope this helps,

  --Vlad

More information about the Bro mailing list