How to manage/report "false positives" in Vulnerability detector?

Andreas Falk

Mar 23, 2019, 7:23:32 AM
to Wazuh mailing list
Hi,

I'm trying out the Vulnerability-Detector capability on Ubuntu and Debian.
And there are a few false positives there, at least from what I understand of the reports.

My question here is how do you guys think that I / we should handle those?
Instead of spamming the issues on GitHub with this, is there a better way to report these kinds of "bugs"?

I guess that I can exclude them in a CDB, but perhaps it is better to report them directly to the project?

This is the result of a newly installed and updated Debian 9 installation as of today [2019-03-23]

Severity  Title          Reference                                                    CVE            Count
Unknown   CVE-2002-1344  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1344  CVE-2002-1344  1
Unknown   CVE-2002-1350  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1350  CVE-2002-1350  1
Unknown   CVE-2005-2368  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2368  CVE-2005-2368  1
Unknown   CVE-2005-2541  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2541  CVE-2005-2541  1
Unknown   CVE-2005-2876  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2876  CVE-2005-2876  1

Any suggestion what way to continue, fix locally or create an issue for those?

Perhaps the best thing would be to do a PR / "false positive", but I haven't really dug in that deep yet. :)

--
Regards Falk

cris...@wazuh.com

Mar 26, 2019, 5:39:25 AM
to Wazuh mailing list
Hi Andreas,

When it has been suggested to use a CDB list to control false positives, it has been as a temporary solution while implementing the fix. At this time we are not aware of any false positives that have been controlled with these methods.

In addition, the official Debian vulnerability feed does not include the severity of the vulnerabilities.

Tell us why you think you have false positives and we will investigate it.

Best regards,
Cristobal Lopez.

cris...@wazuh.com

Mar 26, 2019, 2:57:36 PM
to Wazuh mailing list
Hi Andreas,

We have found an invalid condition that can generate false positives in the Ubuntu and Debian feeds. You can see its fix here.

It will be included in the next version of Wazuh, which will be released very soon.

Best regards,
Cristobal Lopez.

Andreas Falk

Mar 26, 2019, 3:28:20 PM
to Wazuh mailing list
Hi,

Great to hear that you found something, I started to wonder what I missed :)
And thanks for the quick answer and great product!

--
Kind Regards Falk