Title
#fleet
Mystery Incorporated

Mystery Incorporated

09/04/2021, 6:57 PM
Heya is it meant to not remove the old vulnerable entry when I update????
Tomas Touceda

Tomas Touceda

09/06/2021, 5:52 PM
could it be that both versions are still available?
Mystery Incorporated

Mystery Incorporated

09/07/2021, 3:12 PM
Not at all, just v3.4.8 is installed which is not even showing in that list at all, but when I list python packaes it is there I will show you the list of python packages. Also it is doing it with httplib2
3:14 PM
Here is output of installed packages from pip (I updated to 3.3 and then 3.4.8 those days ago and still it doesn't say 3.4.8 is installed and lists the two vulnerable versions that are not)
3:16 PM
At least it shows the current version of httplib2 as well
3:21 PM
This is the dir that the packages get installed to.
3:22 PM
On a completely different host, it sees the 3.4.8 version but still lists the non existant 2.8 vulnerable version
Tomas Touceda

Tomas Touceda

09/07/2021, 4:32 PM
4:45 PM
could you tell me what the result of this osquery query is:
SELECT name AS name, version AS version, 'Package (Python)' AS type, 'python_packages' AS source FROM python_packages
?
Mystery Incorporated

Mystery Incorporated

09/09/2021, 4:03 PM
I'll check now
4:06 PM
@Tomas Touceda the output of that command shows only the old, no longer installed version of the python package.
4:06 PM
Tomas Touceda

Tomas Touceda

09/09/2021, 4:09 PM
ah you uninstalled that version and only have the newer one? that's odd, wonder why osquery is returning that still
Mystery Incorporated

Mystery Incorporated

09/09/2021, 4:12 PM
On a second host, it doesn't show even the old httplib2, it shows none at all! And still shows the old cryptography 2.8
4:14 PM
And it is definitely installed (pip list)
Tomas Touceda

Tomas Touceda

09/09/2021, 4:17 PM
might be something interesting to ask in #general