1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
|
AUDIT-PACKAGES(8) NetBSD System Manager's Manual AUDIT-PACKAGES(8)
N�NA�AM�ME�E
a�au�ud�di�it�t-�-p�pa�ac�ck�ka�ag�ge�es�s, d�do�ow�wn�nl�lo�oa�ad�d-�-v�vu�ul�ln�ne�er�ra�ab�bi�il�li�it�ty�y-�-l�li�is�st�t - show vulnerabilities in
installed packages
S�SY�YN�NO�OP�PS�SI�IS�S
a�au�ud�di�it�t-�-p�pa�ac�ck�ka�ag�ge�es�s [-�-v�v]
d�do�ow�wn�nl�lo�oa�ad�d-�-v�vu�ul�ln�ne�er�ra�ab�bi�il�li�it�ty�y-�-l�li�is�st�t
D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
The a�au�ud�di�it�t-�-p�pa�ac�ck�ka�ag�ge�es�s program compares the installed packages with the
_�p_�k_�g_�-_�v_�u_�l_�n_�e_�r_�a_�b_�i_�l_�i_�t_�i_�e_�s file and reports any known security issues to stan-
dard output. This output contains the name and version of the package,
the type of vulnerability, and an URL for further information for each
vulnerable package.
The d�do�ow�wn�nl�lo�oa�ad�d-�-v�vu�ul�ln�ne�er�ra�ab�bi�il�li�it�ty�y-�-l�li�is�st�t program downloads this file from
_�f_�t_�p_�:_�/_�/_�f_�t_�p_�._�N_�e_�t_�B_�S_�D_�._�o_�r_�g_�/_�p_�u_�b_�/_�N_�e_�t_�B_�S_�D_�/_�p_�a_�c_�k_�a_�g_�e_�s_�/_�d_�i_�s_�t_�f_�i_�l_�e_�s_�/_�p_�k_�g_�-_�v_�u_�l_�n_�e_�r_�a_�b_�i_�l_�i_�t_�i_�e_�s
using ftp(1). This vulnerabilities file documents all known security
issues in pkgsrc packages and is kept up-to-date by the NetBSD packages
team.
Each line lists the package and vulnerable versions, the type of exploit,
and an Internet address for further information. The type of exploit can
be any text, although some common types of exploits listed are:
+�+�o�o cross-site-html
+�+�o�o cross-site-scripting
+�+�o�o denial-of-service
+�+�o�o file-permissions
+�+�o�o local-access
+�+�o�o local-code-execution
+�+�o�o local-file-read
+�+�o�o local-file-removal
+�+�o�o local-file-write
+�+�o�o local-root-file-view
+�+�o�o local-root-shell
+�+�o�o local-symlink-race
+�+�o�o local-user-file-view
+�+�o�o local-user-shell
+�+�o�o privacy-leak
+�+�o�o remote-code-execution
+�+�o�o remote-command-inject
+�+�o�o remote-file-creation
+�+�o�o remote-file-read
+�+�o�o remote-file-view
+�+�o�o remote-file-write
+�+�o�o remote-key-theft
+�+�o�o remote-root-access
+�+�o�o remote-root-shell
+�+�o�o remote-script-inject
+�+�o�o remote-server-admin
+�+�o�o remote-use-of-secret
+�+�o�o remote-user-access
+�+�o�o remote-user-file-view
+�+�o�o remote-user-shell
+�+�o�o unknown
+�+�o�o weak-authentication
+�+�o�o weak-encryption
+�+�o�o weak-ssl-authentication
By default, the vulnerabilities file is stored in the
_�/_�u_�s_�r_�/_�p_�k_�g_�s_�r_�c_�/_�d_�i_�s_�t_�f_�i_�l_�e_�s directory. This can be changed by defining the
environment variable PKGVULNDIR to the directory containing the vulnera-
bilities file.
E�EN�NV�VI�IR�RO�ON�NM�ME�EN�NT�T
These variables can also be defined in the
_�/_�u_�s_�r_�/_�p_�k_�g_�/_�e_�t_�c_�/_�a_�u_�d_�i_�t_�-_�p_�a_�c_�k_�a_�g_�e_�s_�._�c_�o_�n_�f file.
PKGVULNDIR Specifies the directory containing the _�p_�k_�g_�-_�v_�u_�l_�n_�e_�r_�a_�b_�i_�l_�i_�t_�i_�e_�s
file.
FETCH_ARGS Specifies optional arguments for the ftp client.
F�FI�IL�LE�ES�S
_�/_�u_�s_�r_�/_�p_�k_�g_�s_�r_�c_�/_�d_�i_�s_�t_�f_�i_�l_�e_�s_�/_�p_�k_�g_�-_�v_�u_�l_�n_�e_�r_�a_�b_�i_�l_�i_�t_�i_�e_�s
_�/_�u_�s_�r_�/_�p_�k_�g_�/_�e_�t_�c_�/_�a_�u_�d_�i_�t_�-_�p_�a_�c_�k_�a_�g_�e_�s_�._�c_�o_�n_�f
E�EX�XA�AM�MP�PL�LE�ES�S
The d�do�ow�wn�nl�lo�oa�ad�d-�-v�vu�ul�ln�ne�er�ra�ab�bi�il�li�it�ty�y-�-l�li�is�st�t command can be run via cron(8) to update
the _�p_�k_�g_�-_�v_�u_�l_�n_�e_�r_�a_�b_�i_�l_�i_�t_�i_�e_�s file daily. And a�au�ud�di�it�t-�-p�pa�ac�ck�ka�ag�ge�es�s can be run via
cron(8) (or with NetBSD's _�/_�e_�t_�c_�/_�s_�e_�c_�u_�r_�i_�t_�y_�._�l_�o_�c_�a_�l daily security script).
The d�do�ow�wn�nl�lo�oa�ad�d-�-v�vu�ul�ln�ne�er�ra�ab�bi�il�li�it�ty�y-�-l�li�is�st�t command can be forced to use IPv4 with
the following setting in _�/_�u_�s_�r_�/_�p_�k_�g_�/_�e_�t_�c_�/_�a_�u_�d_�i_�t_�-_�p_�a_�c_�k_�a_�g_�e_�s_�._�c_�o_�n_�f:
export FETCH_ARGS="-4"
S�SE�EE�E A�AL�LS�SO�O
pkg_info(1), mk.conf(5), packages(7), _�/_�u_�s_�r_�/_�p_�k_�g_�s_�r_�c_�/_�m_�k_�/_�b_�s_�d_�._�p_�k_�g_�._�d_�e_�f_�a_�u_�l_�t_�s_�._�m_�k
and
_�D_�o_�c_�u_�m_�e_�n_�t_�a_�t_�i_�o_�n _�o_�n _�t_�h_�e _�N_�e_�t_�B_�S_�D _�P_�a_�c_�k_�a_�g_�e _�S_�y_�s_�t_�e_�m. _�/_�u_�s_�r_�/_�p_�k_�g_�s_�r_�c_�/_�P_�a_�c_�k_�a_�g_�e_�s_�._�t_�x_�t
H�HI�IS�ST�TO�OR�RY�Y
The a�au�ud�di�it�t-�-p�pa�ac�ck�ka�ag�ge�es�s and d�do�ow�wn�nl�lo�oa�ad�d-�-v�vu�ul�ln�ne�er�ra�ab�bi�il�li�it�ty�y-�-l�li�is�st�t commands were origi-
nally implemented and added to NetBSD's pkgsrc by Alistair Crooks on
September 19, 2000. The original idea came from Roland Dowdeswell and
Bill Sommerfeld.
NetBSD 1.6 January 1, 2004 NetBSD 1.6
|
