Test document

...

Robot_based_on_SSES_BP_Test_document.pdfheight250

*The following word file is base file of the above pdf.
...
There are 23 CVEs with a CVSS score >= 9.0. These are exceptions requested here:
Release 5: Akraino CVE Vulnerability Exception Request
CVE-ID
CVSS
NVD
Fix/Notes
PACKAGES
CVE-2016-1585
9.8
https://nvd.nist.gov/vuln/detail/CVE-2016-1585
No fix available
apparmor
CVE-2017-18201
9.8
https://nvd.nist.gov/vuln/detail/CVE-2017-18201
No fix available
libcdio17
CVE-2017-7827
9.8
https://nvd.nist.gov/vuln/detail/CVE-2017-7827
No fix available
libmozjs-52-0
CVE-2018-5090
9.8
https://nvd.nist.gov/vuln/detail/CVE-2018-5090
Reported fixed in 58 and later version (installed), but still reported by Vuls
libmozjs-52-0
CVE-2018-5126
9.8
https://nvd.nist.gov/vuln/detail/CVE-2018-5126
Reported fixed in 58 and later version (installed), but still reported by Vuls
libmozjs-52-0
CVE-2018-5145
9.8
https://nvd.nist.gov/vuln/detail/CVE-2018-5145
Reported fixed in 1:52.7.0 and later version (installed), but still reported by Vuls
libmozjs-52-0
CVE-2018-5151
9.8
https://nvd.nist.gov/vuln/detail/CVE-2018-5151
Reported fixed in 60 and later version (installed), but still reported by Vuls
libmozjs-52-0
CVE-2019-17041
9.8
https://nvd.nist.gov/vuln/detail/CVE-2019-17041
No fix available
rsyslog
CVE-2019-17042
9.8
https://nvd.nist.gov/vuln/detail/CVE-2019-17042
No fix available
rsyslog
CVE-2021-31870
9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-31870
No fix available
klibc-utils, libklibc
CVE-2021-31872
9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-31872
No fix available
klibc-utils, libklibc
CVE-2021-31873
9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-31873
No fix available
klibc-utils, libklibc
CVE-2021-39713
9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-39713
No fix available
linux-image-5.4.0-1055-raspi
CVE-2022-22822
9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-22822
No fix availableinstall firefox 99.0+build2-0ubuntu0.18.04.2 > 98(fix version)
firefox
CVE-2022-22823
9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-22823
No fix availableinstall firefox 99.0+build2-0ubuntu0.18.04.2 > 98(fix version)
firefox
CVE-2022-22824
9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-22824
No fix availableinstall firefox 99.0+build2-0ubuntu0.18.04.2 > 98(fix version)
firefox
CVE-2022-23852
9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-23852
No fix available
firefox, thunderbird
CVE-2022-23990
9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-23990
No fix available
firefox, thunderbird
CVE-2022-25235
9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-25235
No fix available
firefox, thunderbird
CVE-2022-25236
9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-25236
No fix available
firefox, thunderbird
CVE-2022-25315
9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-25315
No fix available
firefox, thunderbird
CVE-2016-9180
9.1
https://nvd.nist.gov/vuln/detail/CVE-2016-9180
No fix available
libxml-twig-perl
CVE-2019-20433
9.1
https://nvd.nist.gov/vuln/detail/CVE-2019-20433
No fix available
aspell
...
There are 30 CVEs with a CVSS score >= 9.0. These are exceptions requested here:
Release 5: Akraino CVE Vulnerability Exception Request

CVE-ID
CVSS
NVD
Fix/Notes
PACKAGES
CVE-2005-2541
10.0
https://nvd.nist.gov/vuln/detail/CVE-2005-2541 No fix available
tar
CVE-2014-2830
10.0
https://nvd.nist.gov/vuln/detail/CVE-2014-2830 No fix available
cifs-utils
CVE-2016-1585
9.8
https://nvd.nist.gov/vuln/detail/CVE-2016-1585 No fix available
libapparmor1
CVE-2017-17479
9.8
https://nvd.nist.gov/vuln/detail/CVE-2017-17479 No fix available
libopenjp2-7
CVE-2017-9117
9.8
https://nvd.nist.gov/vuln/detail/CVE-2017-9117 No fix available
libtiff5
CVE-2018-13410
9.8
https://nvd.nist.gov/vuln/detail/CVE-2018-13410 No fix available
zip
CVE-2019-1010022
9.8
https://nvd.nist.gov/vuln/detail/CVE-2019-1010022 No fix available
libc-bin, libc-dev-bin, libc-devtools, libc-l10n, libc6, libc6-dbg, libc6-dev, locales
CVE-2019-8341
9.8
https://nvd.nist.gov/vuln/detail/CVE-2019-8341 No fix available
python3-jinja2
CVE-2020-27619
9.8
https://nvd.nist.gov/vuln/detail/CVE-2020-27619
No fix available
python3.9
CVE-2021-29462
9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-29462 No fix available
libixml10, libupnp13
CVE-2021-29921
9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-29921 Reported fixed in python3.9 (installed), but still reported by Vuls
python3.9
CVE-2021-30473
9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-30473 No fix available
libaom0
CVE-2021-30474
9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-30474 No fix available
libaom0
CVE-2021-30475
9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-30475 No fix available
libaom0
CVE-2021-30498
9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-30498 No fix available
libcaca0
CVE-2021-30499
9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-30499 No fix available
libcaca0
CVE-2021-3756
9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-3756 install libmysofa 1.2.1
libmysofa1
CVE-2021-42377
9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-42377 No fix available
busybox
CVE-2021-45951
9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-45951 No fix available
dnsmasq
CVE-2021-45952
9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-45952 No fix available
dnsmasq
CVE-2021-45953
9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-45953 No fix available
dnsmasq
CVE-2021-45954
9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-45954 No fix available
dnsmasq
CVE-2021-45955
9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-45955 No fix available
dnsmasq
CVE-2021-45956
9.8
https://nvd.nist.gov/vuln/detail/CVE-2021-45956 No fix available
dnsmasq
CVE-2022-0318
9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0318 unistall vim
vim
CVE-2022-23303
9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-23303 No fix available
hostapd, wpasupplicant
CVE-2022-23304
9.8
https://nvd.nist.gov/vuln/detail/CVE-2022-23304 No fix available
hostapd, wpasupplicant
CVE-2021-22945
9.1
https://nvd.nist.gov/vuln/detail/CVE-2021-22945 unistall curl
curl
CVE-2021-4048
9.1
https://nvd.nist.gov/vuln/detail/CVE-2021-4048 No fix available
libblas3, liblapack3
CVE-2021-43400
9.1
https://nvd.nist.gov/vuln/detail/CVE-2021-43400 No fix available
bluez

Lynis

Nexus URL(before fix): https://nexus.akraino.org/content/sites/logs/fujitsu/job/robot-family/sses-lynis/11

Nexus URL(after fix): https://nexus.akraino.org/content/sites/logs/fujitsu/job/robot-family/sses-lynis/3

The initial results compare with the Lynis Incubation: PASS/FAIL Criteria, v1.0 as follows.

IoT Gateway

The Lynis Program Update test MUST pass with no errors.

Code Block

2022-03-29 22:55:42 Test: Checking for program update...
2022-03-29 22:55:43 Current installed version  : 308
2022-03-29 22:55:43 Latest stable version      : 307
2022-03-29 22:55:43 No Lynis update available.

...

Fix: Download and run the latest Lynis directly on SUT.

Steps To Implement Security Scan Requirements#InstallandExecute

The following list of tests MUST complete as passing

...

PC/Server for robot control

The Lynis Program Update test MUST pass with no errors.

Code Block

2022-03-23 05:13:56 Test: Checking for program update...
2022-03-23 05:14:03 Current installed version : 308
2022-03-23 05:14:03 Latest stable version : 307
2022-03-23 05:14:03 No Lynis update available

...

Fix: Download and run the latest Lynis directly on SUT.

Steps To Implement Security Scan Requirements#InstallandExecute

The following list of tests MUST complete as passing

...

Versions Compared

Old Version 15

New Version Current

Key

Test document

Lynis

IoT Gateway

The following list of tests MUST complete as passing

PC/Server for robot control

The following list of tests MUST complete as passing

CVE-ID	CVSS	NVD	Fix/Notes	PACKAGES
CVE-2016-1585	9.8	https://nvd.nist.gov/vuln/detail/CVE-2016-1585	No fix available	apparmor
CVE-2017-18201	9.8	https://nvd.nist.gov/vuln/detail/CVE-2017-18201	No fix available	libcdio17
CVE-2017-7827	9.8	https://nvd.nist.gov/vuln/detail/CVE-2017-7827	No fix available	libmozjs-52-0
CVE-2018-5090	9.8	https://nvd.nist.gov/vuln/detail/CVE-2018-5090	Reported fixed in 58 and later version (installed), but still reported by Vuls	libmozjs-52-0
CVE-2018-5126	9.8	https://nvd.nist.gov/vuln/detail/CVE-2018-5126	Reported fixed in 58 and later version (installed), but still reported by Vuls	libmozjs-52-0
CVE-2018-5145	9.8	https://nvd.nist.gov/vuln/detail/CVE-2018-5145	Reported fixed in 1:52.7.0 and later version (installed), but still reported by Vuls	libmozjs-52-0
CVE-2018-5151	9.8	https://nvd.nist.gov/vuln/detail/CVE-2018-5151	Reported fixed in 60 and later version (installed), but still reported by Vuls	libmozjs-52-0
CVE-2019-17041	9.8	https://nvd.nist.gov/vuln/detail/CVE-2019-17041	No fix available	rsyslog
CVE-2019-17042	9.8	https://nvd.nist.gov/vuln/detail/CVE-2019-17042	No fix available	rsyslog
CVE-2021-31870	9.8	https://nvd.nist.gov/vuln/detail/CVE-2021-31870	No fix available	klibc-utils, libklibc
CVE-2021-31872	9.8	https://nvd.nist.gov/vuln/detail/CVE-2021-31872	No fix available	klibc-utils, libklibc
CVE-2021-31873	9.8	https://nvd.nist.gov/vuln/detail/CVE-2021-31873	No fix available	klibc-utils, libklibc
CVE-2021-39713	9.8	https://nvd.nist.gov/vuln/detail/CVE-2021-39713	No fix available	linux-image-5.4.0-1055-raspi
CVE-2022-22822	9.8	https://nvd.nist.gov/vuln/detail/CVE-2022-22822	No fix availableinstall firefox 99.0+build2-0ubuntu0.18.04.2 > 98(fix version)	firefox
CVE-2022-22823	9.8	https://nvd.nist.gov/vuln/detail/CVE-2022-22823	No fix availableinstall firefox 99.0+build2-0ubuntu0.18.04.2 > 98(fix version)	firefox
CVE-2022-22824	9.8	https://nvd.nist.gov/vuln/detail/CVE-2022-22824	No fix availableinstall firefox 99.0+build2-0ubuntu0.18.04.2 > 98(fix version)	firefox
CVE-2022-23852	9.8	https://nvd.nist.gov/vuln/detail/CVE-2022-23852	No fix available	firefox, thunderbird
CVE-2022-23990	9.8	https://nvd.nist.gov/vuln/detail/CVE-2022-23990	No fix available	firefox, thunderbird
CVE-2022-25235	9.8	https://nvd.nist.gov/vuln/detail/CVE-2022-25235	No fix available	firefox, thunderbird
CVE-2022-25236	9.8	https://nvd.nist.gov/vuln/detail/CVE-2022-25236	No fix available	firefox, thunderbird
CVE-2022-25315	9.8	https://nvd.nist.gov/vuln/detail/CVE-2022-25315	No fix available	firefox, thunderbird
CVE-2016-9180	9.1	https://nvd.nist.gov/vuln/detail/CVE-2016-9180	No fix available	libxml-twig-perl
CVE-2019-20433	9.1	https://nvd.nist.gov/vuln/detail/CVE-2019-20433	No fix available	aspell

Page Comparison

Versions Compared

Old Version 15

New Version Current

Key

Lynis

IoT Gateway

The following list of tests MUST complete as passing

PC/Server for robot control

The following list of tests MUST complete as passing