1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
|
AUDIT-PACKAGES(8) NetBSD System Manager's Manual AUDIT-PACKAGES(8)
N�NA�AM�ME�E
a�au�ud�di�it�t-�-p�pa�ac�ck�ka�ag�ge�es�s, d�do�ow�wn�nl�lo�oa�ad�d-�-v�vu�ul�ln�ne�er�ra�ab�bi�il�li�it�ty�y-�-l�li�is�st�t - show vulnerabilities in
installed packages
S�SY�YN�NO�OP�PS�SI�IS�S
a�au�ud�di�it�t-�-p�pa�ac�ck�ka�ag�ge�es�s [-�-v�v]
d�do�ow�wn�nl�lo�oa�ad�d-�-v�vu�ul�ln�ne�er�ra�ab�bi�il�li�it�ty�y-�-l�li�is�st�t
D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
The a�au�ud�di�it�t-�-p�pa�ac�ck�ka�ag�ge�es�s program compares the installed packages with the
_�p_�k_�g_�-_�v_�u_�l_�n_�e_�r_�a_�b_�i_�l_�i_�t_�i_�e_�s file and reports any known security issues to stan-
dard output. This output contains the name and version of the package,
the type of vulnerability, and an URL for further information for each
vulnerable package. If the -�-v�v option is specified, a�au�ud�di�it�t-�-p�pa�ac�ck�ka�ag�ge�es�s will
warn when the vulnerabilities file is more than a week old.
The d�do�ow�wn�nl�lo�oa�ad�d-�-v�vu�ul�ln�ne�er�ra�ab�bi�il�li�it�ty�y-�-l�li�is�st�t program downloads this file from
_�f_�t_�p_�:_�/_�/_�f_�t_�p_�._�N_�e_�t_�B_�S_�D_�._�o_�r_�g_�/_�p_�u_�b_�/_�N_�e_�t_�B_�S_�D_�/_�p_�a_�c_�k_�a_�g_�e_�s_�/_�d_�i_�s_�t_�f_�i_�l_�e_�s_�/_�p_�k_�g_�-_�v_�u_�l_�n_�e_�r_�a_�b_�i_�l_�i_�t_�i_�e_�s
using @FETCH_CMD_SHORT@(1). This vulnerabilities file documents all
known security issues in pkgsrc packages and is kept up-to-date by the
NetBSD packages team.
Each line lists the package and vulnerable versions, the type of exploit,
and an Internet address for further information. The type of exploit can
be any text, although some common types of exploits listed are:
+�+�o�o cross-site-html
+�+�o�o cross-site-scripting
+�+�o�o denial-of-service
+�+�o�o file-permissions
+�+�o�o local-access
+�+�o�o local-code-execution
+�+�o�o local-file-read
+�+�o�o local-file-removal
+�+�o�o local-file-write
+�+�o�o local-root-file-view
+�+�o�o local-root-shell
+�+�o�o local-symlink-race
+�+�o�o local-user-file-view
+�+�o�o local-user-shell
+�+�o�o privacy-leak
+�+�o�o remote-code-execution
+�+�o�o remote-command-inject
+�+�o�o remote-file-creation
+�+�o�o remote-file-read
+�+�o�o remote-file-view
+�+�o�o remote-file-write
+�+�o�o remote-key-theft
+�+�o�o remote-root-access
+�+�o�o remote-root-shell
+�+�o�o remote-script-inject
+�+�o�o remote-server-admin
+�+�o�o remote-use-of-secret
+�+�o�o remote-user-access
+�+�o�o remote-user-file-view
+�+�o�o remote-user-shell
+�+�o�o unknown
+�+�o�o weak-authentication
+�+�o�o weak-encryption
+�+�o�o weak-ssl-authentication
By default, the vulnerabilities file is stored in the @PKGVULNDIR@ direc-
tory. This can be changed by defining the environment variable
PKGVULNDIR to the directory containing the vulnerabilities file.
E�EN�NV�VI�IR�RO�ON�NM�ME�EN�NT�T
These variables can also be defined in the @PKG_SYSCONFDIR@/audit-pack-
ages.conf file.
PKGVULNDIR Specifies the directory containing the _�p_�k_�g_�-_�v_�u_�l_�n_�e_�r_�a_�b_�i_�l_�i_�t_�i_�e_�s
file.
FETCH_ARGS Specifies optional arguments for the ftp client.
F�FI�IL�LE�ES�S
@PKGVULNDIR@/pkg-vulnerabilities
@PKG_SYSCONFDIR@/audit-packages.conf
E�EX�XA�AM�MP�PL�LE�ES�S
The d�do�ow�wn�nl�lo�oa�ad�d-�-v�vu�ul�ln�ne�er�ra�ab�bi�il�li�it�ty�y-�-l�li�is�st�t command can be run via cron(8) to update
the _�p_�k_�g_�-_�v_�u_�l_�n_�e_�r_�a_�b_�i_�l_�i_�t_�i_�e_�s file daily. And a�au�ud�di�it�t-�-p�pa�ac�ck�ka�ag�ge�es�s can be run via
cron(8) (or with NetBSD's _�/_�e_�t_�c_�/_�s_�e_�c_�u_�r_�i_�t_�y_�._�l_�o_�c_�a_�l daily security script).
The d�do�ow�wn�nl�lo�oa�ad�d-�-v�vu�ul�ln�ne�er�ra�ab�bi�il�li�it�ty�y-�-l�li�is�st�t command can be forced to use IPv4 with
the following setting in @PKG_SYSCONFDIR@/audit-packages.conf :
export FETCH_ARGS="-4"
S�SE�EE�E A�AL�LS�SO�O
pkg_info(1), mk.conf(5), packages(7), @PKGSRCDIR@/mk/bsd.pkg.defaults.mk
and
_�D_�o_�c_�u_�m_�e_�n_�t_�a_�t_�i_�o_�n _�o_�n _�t_�h_�e _�N_�e_�t_�B_�S_�D _�P_�a_�c_�k_�a_�g_�e _�S_�y_�s_�t_�e_�m. @PKGSRCDIR@/Packages.txt
H�HI�IS�ST�TO�OR�RY�Y
The a�au�ud�di�it�t-�-p�pa�ac�ck�ka�ag�ge�es�s and d�do�ow�wn�nl�lo�oa�ad�d-�-v�vu�ul�ln�ne�er�ra�ab�bi�il�li�it�ty�y-�-l�li�is�st�t commands were origi-
nally implemented and added to NetBSD's pkgsrc by Alistair Crooks on
September 19, 2000. The original idea came from Roland Dowdeswell and
Bill Sommerfeld.
NetBSD 2.0 May 12, 2004 NetBSD 2.0
|
