Comments (10)
Additionally, if there are no root files found in the firmware package, such as www, var, bin, rootfs, and only some ELF, XML, HTML, or RSA files, will there be no software CVE vulnerabilities in this situation?
from emba.
Perfect if you found false positives and issues in EMBA ;)
Please provide examples with test firmware for reproducing. Otherwise we are not able to fix these issues.
You can also check our version identifiers here: https://github.com/e-m-b-a/emba/blob/master/config/bin_version_strings.cfg
And further documentation here https://github.com/e-m-b-a/emba/wiki/User-mode-Emulator
from emba.
This wiki entry should help you: https://github.com/e-m-b-a/emba/wiki/OS-support#vxworks-based-firmware
At the end you need to test it ...
from emba.
I found the following sentence in the URL: https://github.com/e-m-b-a/emba/blob/master/config/bin_version_strings.cfg
"no_static -> typically this rule produces false positives in static analysis -> only use this rule in emulation mode"
Does this mean that most software versions will generate false positives?
from emba.
I encountered the same problem as this one:
#193
I want to know if EMBA can solve this problem now
from emba.
You can use the cve-black and whitelists here https://github.com/e-m-b-a/emba/blob/master/config/cve-blacklist.txt and here https://github.com/e-m-b-a/emba/blob/master/config/cve-whitelist.txt
from emba.
May I ask if CVE detection is only based on version number matching? Are there any other rules?
from emba.
The CVE detection is a bit more complicated.
- The mechanism is based on the version detection regex rules defined here
- These rules are then modified with sed (same config) to query the cve database via cve-search
- For the detection by itself we have multiple modules:
  - s06 for distribution identification (rules are coded in the module)
  - s08 for package management
  - s09 for static detection
  - s24/s25 for kernel version detection
  - s26 for kernel vulnerability detection/verification based on the kernel config or extracted symbols
  - s115/s116 for user-mode emulation
  - L10/L15 for detection in system mode emulation via Nmap scanning
  - L25 for web server detection (in system mode emulation)
  - L35 for CVE detection via exploitation from Metasploit
  - F20 is finally the aggregator module which brings everything together
As you can see the CVE/version detection is not that easy. Every module has its own advantages and disadvantages. Some are only running for special firmwares and if some special conditions are met.
from emba.
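The regex-then-sed pipeline the maintainer describes, as an added illustration that is not EMBA's own code: a rule table pairs a version-string regex with a sed expression that rewrites the match into a lookup key, and rules flagged "no_static" (the flag quoted from bin_version_strings.cfg earlier in the thread) are skipped unless the scan runs in emulation mode. The rule format, the "vendor:product:version" key shape and the sample strings are all constructed for this example; EMBA's real configuration file is not reproduced here.

```shell
#!/bin/sh
# Added example, not code from the EMBA project. Mimics the mechanism described
# in the thread: regex rule matches a version string in a binary, a sed
# expression normalises it into a "vendor:product:version" key (assumed shape
# for a cve-search style lookup), and "no_static" rules only run in emulation
# mode because they tend to produce false positives in static analysis.

# Constructed rule table: name|mode|regex|sed-expression, one rule per line.
# This is NOT the format of EMBA's bin_version_strings.cfg.
RULES='busybox|static|BusyBox v[0-9]+\.[0-9]+\.[0-9]+|s/BusyBox v/busybox:busybox:/
openssl|static|OpenSSL [0-9]+\.[0-9]+\.[0-9]+[a-z]?|s/OpenSSL /openssl:openssl:/
lighttpd|no_static|lighttpd/[0-9]+\.[0-9]+\.[0-9]+|s#lighttpd/#lighttpd:lighttpd:#'

# make_sample FILE: write a constructed stand-in for an ELF, i.e. a few
# version banners separated by NUL bytes, the way `strings` would see them.
make_sample() {
  printf 'ELF\0\0BusyBox v1.31.1 (2019-10-25) multi-call binary.\0OpenSSL 1.0.2k  26 Jan 2017\0lighttpd/1.4.35\0' > "$1"
}

# scan_file FILE MODE: MODE is "static" or "emulation".
# Prints one normalised key per rule that matched, in rule-table order.
scan_file() {
  file="$1"; mode="$2"
  printf '%s\n' "$RULES" | while IFS='|' read -r name flag regex sedexpr; do
    # Skip rules marked no_static unless we are in emulation mode.
    if [ "$flag" = "no_static" ] && [ "$mode" != "emulation" ]; then
      continue
    fi
    # -a: treat the binary as text, -o: print only the match, -E: ERE syntax.
    match=$(grep -a -o -E "$regex" "$file" | head -n 1)
    if [ -n "$match" ]; then
      printf '%s\n' "$match" | sed -E "$sedexpr"
    fi
  done
}

# Usage: sh example.sh <binary> [static|emulation]
if [ "$#" -gt 0 ]; then
  scan_file "$1" "${2:-static}"
fi
```

Run it against a real extracted binary with `sh example.sh ./bin/busybox emulation` to see which rules fire; in static mode the lighttpd rule is silently skipped, which is exactly why a "no_static" rule does not by itself mean the static results are wrong, only that the maintainers chose not to trust it without emulation.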
Without the firmware which was used and produced the high number of false positives we can't further help. Closing for now ... please re-open if needed with a dedicated firmware example
from emba.