Last active
July 3, 2024 14:42
-
-
Save swachchhanda000/8715c003871402a8d623ab0091f43e77 to your computer and use it in GitHub Desktop.
OSquery for detecting RegreSSHion CVE-2024-6387
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SELECT 'DEB Package' AS PACKAGE_MANAGER, name, version, CAST(SUBSTR(version, 3, 3) AS FLOAT) AS float_version, | |
| CASE | |
| WHEN CAST(SUBSTR(version, 3, 3) AS FLOAT) < 4.4 THEN 'YES (Unless patched for CVE-2006-5051 and CVE-2008-4109)' | |
| WHEN CAST(SUBSTR(version, 3, 3) AS FLOAT) >= 4.4 AND CAST(SUBSTR(version, 3, 3) AS FLOAT) < 8.5 THEN 'NOT Vulnerable' | |
| WHEN CAST(SUBSTR(version, 3, 3) AS FLOAT) >= 8.5 AND CAST(SUBSTR(version, 3, 3) AS FLOAT) <= 9.7 THEN 'Potentially Vulnerable' | |
| ELSE 'UNKNOWN' | |
| END AS vulnerability_status | |
| FROM | |
| deb_packages | |
| WHERE | |
| source LIKE 'openssh' or name like 'openssh%' | |
| UNION | |
| SELECT 'RPM Package' AS PACKAGE_MANAGER, name, version, CAST(SUBSTR(version, 3, 3) AS FLOAT) AS float_version, | |
| CASE | |
| WHEN CAST(SUBSTR(version, 3, 3) AS FLOAT) < 4.4 THEN 'YES (Unless patched for CVE-2006-5051 and CVE-2008-4109)' | |
| WHEN CAST(SUBSTR(version, 3, 3) AS FLOAT) >= 4.4 AND CAST(SUBSTR(version, 3, 3) AS FLOAT) < 8.5 THEN 'NOT Vulnerable' | |
| WHEN CAST(SUBSTR(version, 3, 3) AS FLOAT) >= 8.5 AND CAST(SUBSTR(version, 3, 3) AS FLOAT) <= 9.7 THEN 'Potentially Vulnerable' | |
| ELSE 'UNKNOWN' | |
| END AS vulnerability_status | |
| FROM | |
| rpm_packages | |
| WHERE | |
| source LIKE 'openssh' or name like 'openssh%'; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment