infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

only match by CVE refs 

the other refs can be non-specific and refer
to multiple distinct vulns, resulting in
incorrect refs being attached to a vuln leading to
a snowball effect with more and more vulns being
misidentified.

MSP-12183
bug/bundler_fix
David Maloney 2015-02-26 14:57:16 -06:00
parent 8351920d1e
commit a72d49678a
No known key found for this signature in database
GPG Key ID: DEDBA9DC3A913DB2
1 changed files with 2 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
lib/msf/core/db_manager/vuln.rb
View File

@ -45,30 +45,8 @@ module Msf::DBManager::Vuln
end
def find_vuln_by_refs(refs, host, service=nil)
vuln = nil
# Try to find an existing vulnerability with the same service & references
# If there are multiple matches, choose the one with the most matches
if service
refs_ids = refs.map{|x| x.id }
vuln = service.vulns.where({ 'refs.id' => refs_ids }).includes(:refs).sort { |a,b|
( refs_ids - a.refs.map{|x| x.id } ).length <=> ( refs_ids - b.refs.map{|x| x.id } ).length
}.first
end
# Return if we matched based on service
return vuln if vuln
# Try to find an existing vulnerability with the same host & references
# If there are multiple matches, choose the one with the most matches
# Do not match based on URL refs because they are not unique or authoritative
refs_ids = refs.map{|x| x.id unless x.name.starts_with? 'URL-' }.compact
vuln = host.vulns.where({ 'service_id' => nil, 'refs.id' => refs_ids }).includes(:refs).sort { |a,b|
( refs_ids - a.refs.map{|x| x.id } ).length <=> ( refs_ids - b.refs.map{|x| x.id } ).length
}.first
return vuln
ref_ids = refs.find_all { |ref| ref.name.starts_with? 'CVE-'}
host.vulns.joins(:refs).where(service_id: service.try(:id), refs: { id: ref_ids}).first
end
def get_vuln(wspace, host, service, name, data='')