Ubuntu wazuh vulnerability detection issue

Srikar Naramsetty

Dec 23, 2022, 6:09:07 AM
to Wazuh mailing list
Hi,
I am seeing a weird issue with Wazuh vulnerability detection.
Wazuh is reporting that one of my servers has a vulnerable package related to CVE-2021-31873. I see that the updated package is getting reflected in Wazuh, but Wazuh still reports the issue.
From https://ubuntu.com/security/CVE-2021-31870 it should already have been fixed. Can you tell me why Wazuh is still reporting it and how I can fix it?

data.vulnerability.rationale: An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow
Could it be that Wazuh is expecting version > 2.0.9 but Ubuntu released a fix in a different version, 2.0.4-9ubuntu2.1?

Wazuh version: 4.1.5 

Thanks,
Srikar

Gonzalo Acuña

Dec 23, 2022, 11:30:42 AM
to Wazuh mailing list
Hi.
Analyzing the vulnerability, it should indeed be resolved for version 2.0.4-9ubuntu2.1 of Ubuntu. From what I see, you have Wazuh version 4.1.5 installed. We recommend that you upgrade Wazuh to the latest version, 4.3.10, since the vulnerability detector has had many changes, improvements and bug fixes in the latest versions. In particular, your problem may have been solved in this PR: https://github.com/wazuh/wazuh/pull/11440.

I share the link so you can perform the migration:
https://documentation.wazuh.com/current/migration-guide/index.html

Note that for this version Wazuh has its own Elastic forks. At this point you can choose to migrate to these forks or, if you have Open Distro for Elasticsearch, upgrade it, or, if you have the Elastic Stack, upgrade it. In the guide, you have the steps to update, whatever your case is.

Regards.
Gonzalo.