Metasploit mailing list archives
Suggestion : Providing the DATE for exploits
From: mjreilly at wam.umd.edu (Michael James Reilly)
Date: Mon, 17 Oct 2005 23:32:02 -0400 (EDT)
Just came across these messages while catching up on my Metasploit email. I would make sure that the Metasploit team agrees with OSVDB's policy for setting disclosure dates before deciding to use their dates. I have worked on ICAT and the National Vulnerability Database (NVD) at NIST, and the dating scheme they use has actually changed over the years (used to be we'd search for the earliest disclosure date we could find; now we just tag them with the date that we get the vulnerabilities from the CVE folks). Also, since there is not a 1:1 corresondence between all vulnerabilities and exploits (some exploits apply to more than one vulnerability, depending on the way those vulns were cataloged) some modules may have more than one date in OSVDB... All in all, I think it is better for Metasploit to maintain their own dates if possible. - Michael Reilly On Sun, 2 Oct 2005, H D Moore wrote:
Since the OSVDB [osvdb.org] already tracks the vulnerability disclosure date, all we need to do is add the appropriate references and write an auto-retrieval system. Does anyone have a strong reason for tracking the module release date as well? -HD On Sunday 02 October 2005 13:48, H D Moore wrote:Unless someone volunteers to create and maintain this information for the entire exploit set, it probably won't end up in a release. Any takers? -HD On Sunday 02 October 2005 12:14, Nagareshwar Talekar wrote:Though its some additional work....it will add great value to the MSF. Looking for the dates in next release :)
Current thread:
- Suggestion : Providing the DATE for exploits, (continued)
- Suggestion : Providing the DATE for exploits fd (Oct 02)
- Suggestion : Providing the DATE for exploits H D Moore (Oct 02)
- Rebase.... myx (Oct 01)
- Rebase.... H D Moore (Oct 02)
- Rebase.... H D Moore (Oct 02)
- Rebase.... Sean Clark (Oct 03)
- Rebase.... myx (Oct 01)
- Suggestion : Providing the DATE for exploits Frank DiRocco (Oct 02)
- Suggestion : Providing the DATE for exploits H D Moore (Oct 02)
- Suggestion : Providing the DATE for exploits Nagareshwar Talekar (Oct 03)
- Suggestion : Providing the DATE for exploits Nagareshwar Talekar (Oct 03)
- Suggestion : Providing the DATE for exploits Michael James Reilly (Oct 17)
- Suggestion : Providing the DATE for exploits H D Moore (Oct 18)