|
Please find attached updated 12313 definition id. Modification made:
Negate the result if IE9 is installed. According to MS11-031 which replaces MS11-009 (bulletin on which this def:12313 is made):
Systems with Internet Explorer 9 installed are not affected and do not require this update
Thanks,
--
Gaurav Kumar
Chief Security Consultant, Pivotal Security LLC | Email: [hidden email] | Phone:(425)686-9695

To unsubscribe, send an email message to [hidden email] with SIGNOFF OVAL-DISCUSSION-LIST in the BODY of the message. If you have difficulties, write to [hidden email].
|
Administrator
|
Gaurav,

In reviewing your submission I noticed a few issues:

- I noticed that you edited the <oval_repository/> element’s date information with a comment for your change. This is helpful information, and important to add. However, we have developed tools that entirely manage the content of the <oval_repository/> element. In the future please do not edit this element. I have removed it from the attached version of the modified definition.

- On line 46 of the submitted file, you added:
  <extend_definition definition_ref="oval:org.mitre.oval:def:11985" comment="Microsoft Internet Explorer 9 is installed"/>
  However, you did not in fact negate this extend_definition element. There is a @negate attribute that can be applied to this element.

- The submitted document is not XML Schema valid. It looks like you added a reference to the definition that checks for IE9 being installed, but did not add the actual definition to the document that you submitted.

- In your effort to add the extended definition you essentially wrapped all existing criteria in one additional criteria that ANDed the previous results with the results of looking for IE9. That approach is reasonable, but I felt like it was a bit easier to read if you pushed the check for IE9 down into the existing criteria structure. This caused me to reference the IE9 inventory definition twice. Once for no service pack and once for with service pack 1.

More information about submissions can be found here:
https://oval.mitre.org/repository/about/submission.html

As it turns out, in working through the above issues I corrected them. The changes reflected in the attached document are now available in the oval repository. Our static downloads are being updated to reflect this change now too.

Thanks,

Jon

============================================
Jonathan O. Baker
G022 - IA Industry Collaboration
The MITRE Corporation
Email: [hidden email]
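The effect of the missing @negate attribute described in the review above, as an added example that is not part of the original thread or of the repository's definition: a small evaluator run over a constructed criteria fragment. Only the id def:11985 comes from the thread; `oval:example:def:1` is a placeholder for the existing criteria, results are simplified to true/false, and the OVAL namespace is omitted.

```python
import xml.etree.ElementTree as ET

IE9_DEF = "oval:org.mitre.oval:def:11985"   # id quoted in the thread
EXISTING = "oval:example:def:1"             # placeholder for the existing criteria

def fragment(negate_ie9):
    """Constructed criteria block: IE9 check ANDed with the existing criteria."""
    negate = ' negate="true"' if negate_ie9 else ""
    return f"""
    <criteria operator="AND">
      <extend_definition definition_ref="{IE9_DEF}"{negate}
                         comment="Microsoft Internet Explorer 9 is installed"/>
      <criteria operator="OR" comment="existing criteria (placeholder)">
        <extend_definition definition_ref="{EXISTING}"/>
      </criteria>
    </criteria>"""

def evaluate(node, results):
    """Evaluate a criteria tree against {definition_id: bool} results."""
    if node.tag == "extend_definition":
        value = results[node.get("definition_ref")]
    elif node.tag == "criteria":
        children = [evaluate(child, results) for child in node]
        operator = node.get("operator", "AND")
        if operator == "AND":
            value = all(children)
        elif operator == "OR":
            value = any(children)
        else:
            raise ValueError(f"operator not handled here: {operator}")
    else:
        raise ValueError(f"unexpected element: {node.tag}")
    # negate is an xsd:boolean attribute and defaults to false
    if node.get("negate", "false") in ("true", "1"):
        value = not value
    return value

def definition_result(negate_ie9, ie9_installed, existing_result):
    """Result of the whole fragment for one simulated host."""
    root = ET.fromstring(fragment(negate_ie9))
    return evaluate(root, {IE9_DEF: ie9_installed, EXISTING: existing_result})

if __name__ == "__main__":
    for negate in (False, True):
        for ie9 in (True, False):
            print(f"negate={negate!s:5} ie9={ie9!s:5} ->",
                  definition_result(negate, ie9, True))
```

Without `negate="true"` the wrapper reports true only on hosts that have IE9, which is the opposite of the intended exclusion.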
|
|
Thanks Jon!
I am a little unclear on the oval_repository element. Should authors omit this part while submitting because it is automatically managed by you? Or should these be omitted only when a change is made (as opposed to a new definition)?
On Mon, Apr 2, 2012 at 5:47 AM, Baker, Jon <[hidden email]> wrote:
Gaurav Kumar
Chief Security Consultant, Pivotal Security LLC | Email: [hidden email] | Phone:(425)686-9695
|
In reply to this post by bakerj
Hi,

I am not convinced if we have to make this change to the oval:org.mitre.oval:def:12313 because the MS11-009 fixes a different vulnerability than MS11-031 and it does not specify that the IE9 is not affected. Also, the def:12313 should not generate a false positive when IE9 is installed because the versions of the JScript 5.8 and VBScript 5.8 scripting engines are already greater than the one used by the OVAL definition.

Gaurav, have you recommended the change based on the fact MS11-031 replaces MS11-009 or have you tested the def:12313 and it generated false positives?

Regards,
_Dragos.
|
Dragos,
I was getting a false positive result generated by def:12313 on my Windows 7 64bit machine with IE9 installed. While researching what could be the cause, I found that other scanners were also generating false positive results. One such discussion is available here.
Also, MS11-031 mentions "MS11-009" under column "Bulletins Replaced by this Update". It also mentions under footnote [1] that "Systems with Internet Explorer 9 installed are not affected and do not require this update. Systems that have not been upgraded with Internet Explorer 9 will need the correct update for the versions of the JScript and VBScript scripting engines installed on them"
Thanks,
Gaurav

On Mon, Apr 9, 2012 at 11:41 AM, Dragos Prisaca <[hidden email]> wrote:
Gaurav Kumar
Chief Security Consultant, Pivotal Security LLC | Email: [hidden email] | Phone:(425)686-9695
