From e50f01aaab08b3569ce0561b970b8801c5fff2a1 Mon Sep 17 00:00:00 2001 From: Lin Wenqiu <1504803016@qq.com> Date: Mon, 11 Nov 2024 12:52:38 +0800 Subject: [PATCH 1/5] =?UTF-8?q?SSTS=E6=96=B0=E5=A2=9E=E8=A7=84=E5=88=99?= =?UTF-8?q?=EF=BC=9ACVE-2023-2398=20&=20CVE-2024-2478?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../TestCaseInfo-CVE-2024-2398.json | 128 ++++++++++++++++ .../TestCaseRule-CVE-2024-2398.yara | 34 +++++ .../TestCaseInfo-CVE-2024-2478.json | 140 ++++++++++++++++++ .../TestCaseRule-CVE-2024-2478.yara | 34 +++++ 4 files changed, 336 insertions(+) create mode 100644 vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json create mode 100644 vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara create mode 100644 vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json create mode 100644 vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json b/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json new file mode 100644 index 0000000..20e2c89 --- /dev/null +++ b/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json 
@@ -0,0 +1,128 @@ +{ + "month": "2024-06", + "release_time": "", + "vulnerabilities": [ + { + "month": "2024-06", + + "vul_id": { + "cve": "CVE-2024-2398", + "openharmony-sa": "" + }, + + "severity": "high", + + "vul_description": { + "zh": "如果服务器发送许多带有过多标头的PUSH_PROMISE帧,则可能会导致每个响应泄漏数MB的内存。", + "en": "If a server sends many PUSH_PROMISE frames with an excessive amount of headers, this can lead to multiple megabytes of memory leaked per response." + }, + + "vul_impact": { + "zh": "此内存泄漏可能导致大量内存消耗,进而影响使用HTTP/2服务器推送的应用程序的稳定性。", + "en": "This memory leak can lead to significant memory consumption, potentially destabilizing applications using HTTP/2 server push." + }, + + "disclosure": { + "zh": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-06.md", + "en": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2024/2024-06.md" + }, + + "patch_info": { + "4.1.x": { + "patch_url": [ + "https://gitee.com/openharmony/third_party_curl/pulls/225" + ], + "patch_file": [ + "https://gitee.com/openharmony/third_party_curl/pulls/225.patch" + ], + "diff_file": [ + "https://gitee.com/openharmony/third_party_curl/pulls/225.diff" + ] + } + }, + + "affected_projects": "third_party_curl", + + "affected_versions": [ + "4.1.0-4.1.0" + ], + + "affected_device": { + "mini": { + "liteos": { + "rics-v": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + }, + + "small": { + "liteos": { + "rics-v": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + }, + "linux": { + "arm": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + }, + + "standard": { + "linux": { + "arm": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": true, + "yara": { + "affected_files": [ + "/system/lib/libcurl_shared.z.so" + ], + "yara_rules": [ + "TestCaseRule-CVE-2024-2398.yara" 
+ ] + } + } + } + }, + "arm64": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + } + } + } + ] +} \ No newline at end of file diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara b/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara new file mode 100644 index 0000000..35795aa --- /dev/null +++ b/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +import "console" + +rule TestCaseRule_CVE_2024_2398 +{ + meta: + date="2024-11-11" + openharmony_sa="" + cve="CVE-2024-2398" + affected_files="/system/lib/libcurl_shared.z.so" + + strings: + + $fix= {F0 B5 ?? B0 ?? 46 D0 F8 ?? ?? ?? 4D ?? 44 60 B1} + + condition: + $fix and console.log("CVE-2024-2398 testcase pass") + } + diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json b/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json new file mode 100644 index 0000000..d18a52e --- /dev/null +++ b/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json 
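Review bot: Under `affected_device.standard.linux`, only `arm` has `ists.enable` set to `true`; `arm64` is `false`, so 64-bit standard images get no check for this CVE, and TestCaseInfo-CVE-2024-2478.json in the same patch has the same gap. The single `affected_files` entry is the copy under `/system/lib/`. If arm64 is deliberately out of scope, say so in the commit description, since the JSON cannot carry a comment; otherwise add an arm64 `yara` entry with a rule that matches the 64-bit build. Patches 3/5 and 4/5 add the same file unchanged, so the point applies there as well.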
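Review bot: `$fix` is a 16-byte pattern with seven wildcard bytes, and nothing in the rule says which function or build it was taken from, so a match elsewhere in `libcurl_shared.z.so` would log "testcase pass" on an unpatched library. It looks like a 32-bit Thumb function prologue, a kind of sequence that tends to recur across functions; please confirm that it does not match the pre-fix binary. Add a comment above the string such as `// <patched function>, Thumb-2, built from <fix commit>; checked absent in the unpatched build`, and consider extending the pattern to cover the instructions the fix changed. The same rule is re-added unchanged in patches 3/5 and 4/5.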
@@ -0,0 +1,140 @@ +{ + "month": "2024-06", + "release_time": "", + "vulnerabilities": [ + { + "month": "2024-06", + + "vul_id": { + "cve": "CVE-2024-2478", + "openharmony-sa": "" + }, + + "severity": "medium", + + "vul_description": { + "zh": "wpa_supplicant的PEAP实现中存在一个漏洞,在禁用TLS证书验证的情况下允许绕过认证,使攻击者能够跳过第二阶段认证。", + "en": "A vulnerability in wpa_supplicant's PEAP implementation allows authentication bypass when TLS certificate verification is disabled, enabling attackers to skip Phase 2 authentication." + }, + + "vul_impact": { + "zh": "此漏洞使攻击者能够伪装为企业Wi-Fi网络,对用户构成严重的安全威胁。", + "en": "This vulnerability enables attackers to impersonate Enterprise Wi-Fi networks, posing a significant security risk to users." + }, + + "disclosure": { + "zh": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-06.md", + "en": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2024/2024-06.md" + }, + + "patch_info": { + "4.0.x": { + "patch_url": [ + "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/385" + ], + "patch_file": [ + "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/385.patch" + ], + "diff_file": [ + "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/385.diff" + ] + }, + "4.1.x": { + "patch_url": [ + "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/386" + ], + "patch_file": [ + "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/386.patch" + ], + "diff_file": [ + "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/386.diff" + ] + } + }, + + "affected_projects": "third_party_wpa_supplicant", + + "affected_versions": [ + "4.0.0-4.0.0", + "4.1.0-4.1.0" + ], + + "affected_device": { + "mini": { + "liteos": { + "rics-v": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + }, + + "small": { + "liteos": { + "rics-v": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": 
false + } + } + } + }, + "linux": { + "arm": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + }, + + "standard": { + "linux": { + "arm": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": true, + "yara": { + "affected_files": [ + "/system/lib/libwpa_sys.z.so" + ], + "yara_rules": [ + "TestCaseRule-CVE-2024-2478.yara" + ] + } + } + } + }, + "arm64": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + } + } + } + ] +} \ No newline at end of file diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara b/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara new file mode 100644 index 0000000..4728905 --- /dev/null +++ b/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +import "console" + +rule TestCaseRule_CVE_2024_2478 +{ + meta: + date="2024-11-11" + openharmony_sa="" + cve="CVE-2024-2478" + affected_files="/system/lib/libwpa_sys.z.so" + + strings: + + $fixstring= "EAP-PEAP: Require Phase 2 authentication for initial connection" + + condition: + $fixstring and console.log("CVE-2024-2478 testcase pass") + } + -- Gitee From 9099803dac88a4298081310f8a1d4a75ed3af833 Mon Sep 17 00:00:00 2001 
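Review bot: `$fixstring` matches a log message, so the verdict depends on that message being compiled into `libwpa_sys.z.so`; a patched build that strips wpa_supplicant debug output would fail this test. That is the safe direction for an error, but the assumption should be written down with a comment above the string, e.g. `// debug message added by the fix; requires a build that keeps wpa_printf text`. The string presumably comes from the upstream fix, which is not visible on this page. As a style point, the rule's closing `}` is indented while its opening `{` is at column 0. The same rule is re-added unchanged in patches 3/5 and 4/5.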
From: HongLanx <1504803016@qq.com> Date: Mon, 11 Nov 2024 06:34:38 +0000 Subject: [PATCH 2/5] =?UTF-8?q?Revert=20"SSTS=E6=96=B0=E5=A2=9E=E8=A7=84?= =?UTF-8?q?=E5=88=99=EF=BC=9ACVE-2023-2398=20&=20CVE-2024-2478"?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit e50f01aaab08b3569ce0561b970b8801c5fff2a1. --- .../TestCaseInfo-CVE-2024-2398.json | 128 ---------------- .../TestCaseRule-CVE-2024-2398.yara | 34 ----- .../TestCaseInfo-CVE-2024-2478.json | 140 ------------------ .../TestCaseRule-CVE-2024-2478.yara | 34 ----- 4 files changed, 336 deletions(-) delete mode 100644 vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json delete mode 100644 vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara delete mode 100644 vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json delete mode 100644 vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json b/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json deleted file mode 100644 index 20e2c89..0000000 --- a/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json +++ /dev/null 
@@ -1,128 +0,0 @@ -{ - "month": "2024-06", - "release_time": "", - "vulnerabilities": [ - { - "month": "2024-06", - - "vul_id": { - "cve": "CVE-2024-2398", - "openharmony-sa": "" - }, - - "severity": "high", - - "vul_description": { - "zh": "如果服务器发送许多带有过多标头的PUSH_PROMISE帧,则可能会导致每个响应泄漏数MB的内存。", - "en": "If a server sends many PUSH_PROMISE frames with an excessive amount of headers, this can lead to multiple megabytes of memory leaked per response." - }, - - "vul_impact": { - "zh": "此内存泄漏可能导致大量内存消耗,进而影响使用HTTP/2服务器推送的应用程序的稳定性。", - "en": "This memory leak can lead to significant memory consumption, potentially destabilizing applications using HTTP/2 server push." - }, - - "disclosure": { - "zh": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-06.md", - "en": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2024/2024-06.md" - }, - - "patch_info": { - "4.1.x": { - "patch_url": [ - "https://gitee.com/openharmony/third_party_curl/pulls/225" - ], - "patch_file": [ - "https://gitee.com/openharmony/third_party_curl/pulls/225.patch" - ], - "diff_file": [ - "https://gitee.com/openharmony/third_party_curl/pulls/225.diff" - ] - } - }, - - "affected_projects": "third_party_curl", - - "affected_versions": [ - "4.1.0-4.1.0" - ], - - "affected_device": { - "mini": { - "liteos": { - "rics-v": { - "scan_strategy": { - "ssts": { - "enable": false - }, - "ists": { - "enable": false - } - } - } - } - }, - - "small": { - "liteos": { - "rics-v": { - "scan_strategy": { - "ssts": { - "enable": false - }, - "ists": { - "enable": false - } - } - } - }, - "linux": { - "arm": { - "scan_strategy": { - "ssts": { - "enable": false - }, - "ists": { - "enable": false - } - } - } - } - }, - - "standard": { - "linux": { - "arm": { - "scan_strategy": { - "ssts": { - "enable": false - }, - "ists": { - "enable": true, - "yara": { - "affected_files": [ - "/system/lib/libcurl_shared.z.so" - ], - "yara_rules": [ - "TestCaseRule-CVE-2024-2398.yara" 
- ] - } - } - } - }, - "arm64": { - "scan_strategy": { - "ssts": { - "enable": false - }, - "ists": { - "enable": false - } - } - } - } - } - } - } - ] -} \ No newline at end of file diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara b/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara deleted file mode 100644 index 35795aa..0000000 --- a/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright (c) 2024 Huawei Device Co., Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -import "console" - -rule TestCaseRule_CVE_2024_2398 -{ - meta: - date="2024-11-11" - openharmony_sa="" - cve="CVE-2024-2398" - affected_files="/system/lib/libcurl_shared.z.so" - - strings: - - $fix= {F0 B5 ?? B0 ?? 46 D0 F8 ?? ?? ?? 4D ?? 44 60 B1} - - condition: - $fix and console.log("CVE-2024-2398 testcase pass") - } - diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json b/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json deleted file mode 100644 index d18a52e..0000000 --- a/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json +++ /dev/null 
@@ -1,140 +0,0 @@ -{ - "month": "2024-06", - "release_time": "", - "vulnerabilities": [ - { - "month": "2024-06", - - "vul_id": { - "cve": "CVE-2024-2478", - "openharmony-sa": "" - }, - - "severity": "medium", - - "vul_description": { - "zh": "wpa_supplicant的PEAP实现中存在一个漏洞,在禁用TLS证书验证的情况下允许绕过认证,使攻击者能够跳过第二阶段认证。", - "en": "A vulnerability in wpa_supplicant's PEAP implementation allows authentication bypass when TLS certificate verification is disabled, enabling attackers to skip Phase 2 authentication." - }, - - "vul_impact": { - "zh": "此漏洞使攻击者能够伪装为企业Wi-Fi网络,对用户构成严重的安全威胁。", - "en": "This vulnerability enables attackers to impersonate Enterprise Wi-Fi networks, posing a significant security risk to users." - }, - - "disclosure": { - "zh": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-06.md", - "en": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2024/2024-06.md" - }, - - "patch_info": { - "4.0.x": { - "patch_url": [ - "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/385" - ], - "patch_file": [ - "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/385.patch" - ], - "diff_file": [ - "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/385.diff" - ] - }, - "4.1.x": { - "patch_url": [ - "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/386" - ], - "patch_file": [ - "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/386.patch" - ], - "diff_file": [ - "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/386.diff" - ] - } - }, - - "affected_projects": "third_party_wpa_supplicant", - - "affected_versions": [ - "4.0.0-4.0.0", - "4.1.0-4.1.0" - ], - - "affected_device": { - "mini": { - "liteos": { - "rics-v": { - "scan_strategy": { - "ssts": { - "enable": false - }, - "ists": { - "enable": false - } - } - } - } - }, - - "small": { - "liteos": { - "rics-v": { - "scan_strategy": { - "ssts": { - "enable": false - }, - "ists": { - "enable": 
false - } - } - } - }, - "linux": { - "arm": { - "scan_strategy": { - "ssts": { - "enable": false - }, - "ists": { - "enable": false - } - } - } - } - }, - - "standard": { - "linux": { - "arm": { - "scan_strategy": { - "ssts": { - "enable": false - }, - "ists": { - "enable": true, - "yara": { - "affected_files": [ - "/system/lib/libwpa_sys.z.so" - ], - "yara_rules": [ - "TestCaseRule-CVE-2024-2478.yara" - ] - } - } - } - }, - "arm64": { - "scan_strategy": { - "ssts": { - "enable": false - }, - "ists": { - "enable": false - } - } - } - } - } - } - } - ] -} \ No newline at end of file diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara b/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara deleted file mode 100644 index 4728905..0000000 --- a/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright (c) 2024 Huawei Device Co., Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -import "console" - -rule TestCaseRule_CVE_2024_2478 -{ - meta: - date="2024-11-11" - openharmony_sa="" - cve="CVE-2024-2478" - affected_files="/system/lib/libwpa_sys.z.so" - - strings: - - $fixstring= "EAP-PEAP: Require Phase 2 authentication for initial connection" - - condition: - $fixstring and console.log("CVE-2024-2478 testcase pass") - } - -- Gitee From 33a62519b445544a0220f08ed78c89f85c9b9558 Mon Sep 17 00:00:00 2001 
From: Lin Wenqiu <1504803016@qq.com> Date: Mon, 11 Nov 2024 14:38:18 +0800 Subject: [PATCH 3/5] =?UTF-8?q?SSTS=E6=96=B0=E5=A2=9E=E8=A7=84=E5=88=99?= =?UTF-8?q?=EF=BC=9ACVE-2024-2398=20&=20CVE-2024-2478?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Lin Wenqiu <1504803016@qq.com> --- .../TestCaseInfo-CVE-2024-2398.json | 128 ++++++++++++++++ .../TestCaseRule-CVE-2024-2398.yara | 34 +++++ .../TestCaseInfo-CVE-2024-2478.json | 140 ++++++++++++++++++ .../TestCaseRule-CVE-2024-2478.yara | 34 +++++ 4 files changed, 336 insertions(+) create mode 100644 vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json create mode 100644 vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara create mode 100644 vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json create mode 100644 vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json b/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json new file mode 100644 index 0000000..20e2c89 --- /dev/null +++ b/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json 
@@ -0,0 +1,128 @@ +{ + "month": "2024-06", + "release_time": "", + "vulnerabilities": [ + { + "month": "2024-06", + + "vul_id": { + "cve": "CVE-2024-2398", + "openharmony-sa": "" + }, + + "severity": "high", + + "vul_description": { + "zh": "如果服务器发送许多带有过多标头的PUSH_PROMISE帧,则可能会导致每个响应泄漏数MB的内存。", + "en": "If a server sends many PUSH_PROMISE frames with an excessive amount of headers, this can lead to multiple megabytes of memory leaked per response." + }, + + "vul_impact": { + "zh": "此内存泄漏可能导致大量内存消耗,进而影响使用HTTP/2服务器推送的应用程序的稳定性。", + "en": "This memory leak can lead to significant memory consumption, potentially destabilizing applications using HTTP/2 server push." + }, + + "disclosure": { + "zh": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-06.md", + "en": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2024/2024-06.md" + }, + + "patch_info": { + "4.1.x": { + "patch_url": [ + "https://gitee.com/openharmony/third_party_curl/pulls/225" + ], + "patch_file": [ + "https://gitee.com/openharmony/third_party_curl/pulls/225.patch" + ], + "diff_file": [ + "https://gitee.com/openharmony/third_party_curl/pulls/225.diff" + ] + } + }, + + "affected_projects": "third_party_curl", + + "affected_versions": [ + "4.1.0-4.1.0" + ], + + "affected_device": { + "mini": { + "liteos": { + "rics-v": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + }, + + "small": { + "liteos": { + "rics-v": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + }, + "linux": { + "arm": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + }, + + "standard": { + "linux": { + "arm": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": true, + "yara": { + "affected_files": [ + "/system/lib/libcurl_shared.z.so" + ], + "yara_rules": [ + "TestCaseRule-CVE-2024-2398.yara" 
+ ] + } + } + } + }, + "arm64": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + } + } + } + ] +} \ No newline at end of file diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara b/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara new file mode 100644 index 0000000..35795aa --- /dev/null +++ b/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +import "console" + +rule TestCaseRule_CVE_2024_2398 +{ + meta: + date="2024-11-11" + openharmony_sa="" + cve="CVE-2024-2398" + affected_files="/system/lib/libcurl_shared.z.so" + + strings: + + $fix= {F0 B5 ?? B0 ?? 46 D0 F8 ?? ?? ?? 4D ?? 44 60 B1} + + condition: + $fix and console.log("CVE-2024-2398 testcase pass") + } + diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json b/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json new file mode 100644 index 0000000..d18a52e --- /dev/null +++ b/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json 
@@ -0,0 +1,140 @@ +{ + "month": "2024-06", + "release_time": "", + "vulnerabilities": [ + { + "month": "2024-06", + + "vul_id": { + "cve": "CVE-2024-2478", + "openharmony-sa": "" + }, + + "severity": "medium", + + "vul_description": { + "zh": "wpa_supplicant的PEAP实现中存在一个漏洞,在禁用TLS证书验证的情况下允许绕过认证,使攻击者能够跳过第二阶段认证。", + "en": "A vulnerability in wpa_supplicant's PEAP implementation allows authentication bypass when TLS certificate verification is disabled, enabling attackers to skip Phase 2 authentication." + }, + + "vul_impact": { + "zh": "此漏洞使攻击者能够伪装为企业Wi-Fi网络,对用户构成严重的安全威胁。", + "en": "This vulnerability enables attackers to impersonate Enterprise Wi-Fi networks, posing a significant security risk to users." + }, + + "disclosure": { + "zh": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-06.md", + "en": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2024/2024-06.md" + }, + + "patch_info": { + "4.0.x": { + "patch_url": [ + "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/385" + ], + "patch_file": [ + "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/385.patch" + ], + "diff_file": [ + "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/385.diff" + ] + }, + "4.1.x": { + "patch_url": [ + "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/386" + ], + "patch_file": [ + "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/386.patch" + ], + "diff_file": [ + "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/386.diff" + ] + } + }, + + "affected_projects": "third_party_wpa_supplicant", + + "affected_versions": [ + "4.0.0-4.0.0", + "4.1.0-4.1.0" + ], + + "affected_device": { + "mini": { + "liteos": { + "rics-v": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + }, + + "small": { + "liteos": { + "rics-v": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": 
false + } + } + } + }, + "linux": { + "arm": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + }, + + "standard": { + "linux": { + "arm": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": true, + "yara": { + "affected_files": [ + "/system/lib/libwpa_sys.z.so" + ], + "yara_rules": [ + "TestCaseRule-CVE-2024-2478.yara" + ] + } + } + } + }, + "arm64": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + } + } + } + ] +} \ No newline at end of file diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara b/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara new file mode 100644 index 0000000..4728905 --- /dev/null +++ b/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +import "console" + +rule TestCaseRule_CVE_2024_2478 +{ + meta: + date="2024-11-11" + openharmony_sa="" + cve="CVE-2024-2478" + affected_files="/system/lib/libwpa_sys.z.so" + + strings: + + $fixstring= "EAP-PEAP: Require Phase 2 authentication for initial connection" + + condition: + $fixstring and console.log("CVE-2024-2478 testcase pass") + } + -- Gitee From 2be1073b1e5688e0ac86f93e7ffd5e8ca4ebca9a Mon Sep 17 00:00:00 2001 
From: Lin Wenqiu <1504803016@qq.com> Date: Mon, 11 Nov 2024 14:56:04 +0800 Subject: [PATCH 4/5] =?UTF-8?q?SSTS=E6=96=B0=E5=A2=9E=E8=A7=84=E5=88=99?= =?UTF-8?q?=EF=BC=9ACVE-2024-2398=20&=20CVE-2024-2478?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Lin Wenqiu <1504803016@qq.com> --- .../TestCaseInfo-CVE-2024-2398.json | 128 ++++++++++++++++ .../TestCaseRule-CVE-2024-2398.yara | 34 +++++ .../TestCaseInfo-CVE-2024-2478.json | 140 ++++++++++++++++++ .../TestCaseRule-CVE-2024-2478.yara | 34 +++++ 4 files changed, 336 insertions(+) create mode 100644 vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json create mode 100644 vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara create mode 100644 vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json create mode 100644 vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json b/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json new file mode 100644 index 0000000..20e2c89 --- /dev/null +++ b/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json 
@@ -0,0 +1,128 @@ +{ + "month": "2024-06", + "release_time": "", + "vulnerabilities": [ + { + "month": "2024-06", + + "vul_id": { + "cve": "CVE-2024-2398", + "openharmony-sa": "" + }, + + "severity": "high", + + "vul_description": { + "zh": "如果服务器发送许多带有过多标头的PUSH_PROMISE帧,则可能会导致每个响应泄漏数MB的内存。", + "en": "If a server sends many PUSH_PROMISE frames with an excessive amount of headers, this can lead to multiple megabytes of memory leaked per response." + }, + + "vul_impact": { + "zh": "此内存泄漏可能导致大量内存消耗,进而影响使用HTTP/2服务器推送的应用程序的稳定性。", + "en": "This memory leak can lead to significant memory consumption, potentially destabilizing applications using HTTP/2 server push." + }, + + "disclosure": { + "zh": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-06.md", + "en": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2024/2024-06.md" + }, + + "patch_info": { + "4.1.x": { + "patch_url": [ + "https://gitee.com/openharmony/third_party_curl/pulls/225" + ], + "patch_file": [ + "https://gitee.com/openharmony/third_party_curl/pulls/225.patch" + ], + "diff_file": [ + "https://gitee.com/openharmony/third_party_curl/pulls/225.diff" + ] + } + }, + + "affected_projects": "third_party_curl", + + "affected_versions": [ + "4.1.0-4.1.0" + ], + + "affected_device": { + "mini": { + "liteos": { + "rics-v": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + }, + + "small": { + "liteos": { + "rics-v": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + }, + "linux": { + "arm": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + }, + + "standard": { + "linux": { + "arm": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": true, + "yara": { + "affected_files": [ + "/system/lib/libcurl_shared.z.so" + ], + "yara_rules": [ + "TestCaseRule-CVE-2024-2398.yara" 
+ ] + } + } + } + }, + "arm64": { + "scan_strategy": { + "ssts": { + "enable": false + }, + "ists": { + "enable": false + } + } + } + } + } + } + } + ] +} \ No newline at end of file diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara b/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara new file mode 100644 index 0000000..35795aa --- /dev/null +++ b/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara @@ -0,0 +1,34 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +import "console" + +rule TestCaseRule_CVE_2024_2398 +{ + meta: + date="2024-11-11" + openharmony_sa="" + cve="CVE-2024-2398" + affected_files="/system/lib/libcurl_shared.z.so" + + strings: + + $fix= {F0 B5 ?? B0 ?? 46 D0 F8 ?? ?? ?? 4D ?? 44 60 B1} + + condition: + $fix and console.log("CVE-2024-2398 testcase pass") + } + diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json b/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json new file mode 100644 index 0000000..d18a52e --- /dev/null +++ b/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json 
@@ -0,0 +1,140 @@
+{
+ "month": "2024-06",
+ "release_time": "",
+ "vulnerabilities": [
+ {
+ "month": "2024-06",
+
+ "vul_id": {
+ "cve": "CVE-2024-2478",
+ "openharmony-sa": ""
+ },
+
+ "severity": "medium",
+
+ "vul_description": {
+ "zh": "wpa_supplicant的PEAP实现中存在一个漏洞,在禁用TLS证书验证的情况下允许绕过认证,使攻击者能够跳过第二阶段认证。",
+ "en": "A vulnerability in wpa_supplicant's PEAP implementation allows authentication bypass when TLS certificate verification is disabled, enabling attackers to skip Phase 2 authentication."
+ },
+
+ "vul_impact": {
+ "zh": "此漏洞使攻击者能够伪装为企业Wi-Fi网络,对用户构成严重的安全威胁。",
+ "en": "This vulnerability enables attackers to impersonate Enterprise Wi-Fi networks, posing a significant security risk to users."
+ },
+
+ "disclosure": {
+ "zh": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-06.md",
+ "en": "https://gitee.com/openharmony/security/blob/master/en/security-disclosure/2024/2024-06.md"
+ },
+
+ "patch_info": {
+ "4.0.x": {
+ "patch_url": [
+ "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/385"
+ ],
+ "patch_file": [
+ "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/385.patch"
+ ],
+ "diff_file": [
+ "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/385.diff"
+ ]
+ },
+ "4.1.x": {
+ "patch_url": [
+ "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/386"
+ ],
+ "patch_file": [
+ "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/386.patch"
+ ],
+ "diff_file": [
+ "https://gitee.com/openharmony/third_party_wpa_supplicant/pulls/386.diff"
+ ]
+ }
+ },
+
+ "affected_projects": "third_party_wpa_supplicant",
+
+ "affected_versions": [
+ "4.0.0-4.0.0",
+ "4.1.0-4.1.0"
+ ],
+
+ "affected_device": {
+ "mini": {
+ "liteos": {
+ "rics-v": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ },
+
+ "small": {
+ "liteos": {
+ "rics-v": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ },
+ "linux": {
+ "arm": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ },
+
+ "standard": {
+ "linux": {
+ "arm": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": true,
+ "yara": {
+ "affected_files": [
+ "/system/lib/libwpa_sys.z.so"
+ ],
+ "yara_rules": [
+ "TestCaseRule-CVE-2024-2478.yara"
+ ]
+ }
+ }
+ }
+ },
+ "arm64": {
+ "scan_strategy": {
+ "ssts": {
+ "enable": false
+ },
+ "ists": {
+ "enable": false
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara b/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara
new file mode 100644
index 0000000..4728905
--- /dev/null
+++ b/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import "console"
+
+rule TestCaseRule_CVE_2024_2478
+{
+ meta:
+ date="2024-11-11"
+ openharmony_sa=""
+ cve="CVE-2024-2478"
+ affected_files="/system/lib/libwpa_sys.z.so"
+
+ strings:
+
+ $fixstring= "EAP-PEAP: Require Phase 2 authentication for initial connection"
+
+ condition:
+ $fixstring and console.log("CVE-2024-2478 testcase pass")
+ }
+
-- Gitee
From 260008a2d475e3910cbb5171466cf3c0dfd64314 Mon Sep 17 00:00:00 2001
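Review bot: The pass condition rests only on the text `"EAP-PEAP: Require Phase 2 authentication for initial connection"` being present in the binary, which appears to be a log message from the fix, so the verdict is tied to message strings being compiled in and not to the fixed logic. A patched build that strips or rewords its debug output would not match, and the result cannot be told apart from a vulnerable library. Add a comment above `$fixstring` such as `// log message from the PEAP Phase 2 fix; assumes debug strings are kept in the build`, and record in the test case description that a non-match is inconclusive on stripped builds.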
From: Lin Wenqiu <1504803016@qq.com> Date: Wed, 4 Dec 2024 19:43:38 +0800 Subject: [PATCH 5/5] Update Files Signed-off-by: Lin Wenqiu <1504803016@qq.com> --- .../2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json | 2 +- .../2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara | 2 +- .../2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json | 1 + .../2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json b/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json index 20e2c89..dd6b8db 100644 --- a/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json +++ b/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseInfo-CVE-2024-2398.json @@ -101,7 +101,7 @@ "enable": true, "yara": { "affected_files": [ - "/system/lib/libcurl_shared.z.so" + "/system/lib/platformsdk/libcurl_shared.z.so" ], "yara_rules": [ "TestCaseRule-CVE-2024-2398.yara" diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara b/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara index 35795aa..1a9eb15 100644 --- a/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara +++ b/vulntest/SSTSTestcases/2024/06/CVE-2024-2398/TestCaseRule-CVE-2024-2398.yara @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024 Beijing University of Posts and Telecommunications. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json b/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json index d18a52e..3ffb6ae 100644 --- a/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json 
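Review bot: The scan target moves to `/system/lib/platformsdk/libcurl_shared.z.so`, but the rule's `meta:` section was added in patch 1/5 with `affected_files="/system/lib/libcurl_shared.z.so"` and the .yara hunk in this patch only touches the copyright line, so the two records now disagree unless a patch not shown here updated the meta. The same applies to the TestCaseInfo-CVE-2024-2478.json hunk, which adds `/system/lib/libwpa.z.so` while that rule's meta lists only `libwpa_sys.z.so`. Update both rules, e.g. `affected_files="/system/lib/platformsdk/libcurl_shared.z.so"`. The old curl path is also replaced instead of kept alongside the new one; if any 4.1.x image still ships the library under `/system/lib/`, it would no longer be scanned. The enclosing `ists` object starts and ends outside this hunk.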
+++ b/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseInfo-CVE-2024-2478.json @@ -113,6 +113,7 @@ "enable": true, "yara": { "affected_files": [ + "/system/lib/libwpa.z.so", "/system/lib/libwpa_sys.z.so" ], "yara_rules": [ diff --git a/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara b/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara index 4728905..70c6f94 100644 --- a/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara +++ b/vulntest/SSTSTestcases/2024/06/CVE-2024-2478/TestCaseRule-CVE-2024-2478.yara @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024 Beijing University of Posts and Telecommunications. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. -- Gitee