FreeBSD vulnerability scan

French Fries (Member)

Dear friends,

I switched only recently to FreeBSD from Debian GNU/Linux.

Is there an equivalent of debsecan for FreeBSD?

debsecan scans all installed packages and looks for vulnerabilities in the
CVE database: http://www.cvedetails.com

Example:
debsecan --suite=sid
CVE-2017-11333 libvorbisfile3 (remotely exploitable, low urgency)
CVE-2017-11735 libvorbisfile3 (remotely exploitable, low urgency)
CVE-2016-10317 libgs9-common (remotely exploitable, medium urgency)
CVE-2017-11714 libgs9-common (remotely exploitable, medium urgency)
CVE-2017-9611 libgs9-common (remotely exploitable, medium urgency)
CVE-2017-9612 libgs9-common (remotely exploitable, medium urgency)
CVE-2017-9726 libgs9-common (remotely exploitable, medium urgency)
CVE-2017-9727 libgs9-common (remotely exploitable, medium urgency)
CVE-2017-9739 libgs9-common (remotely exploitable, medium urgency)
CVE-2017-9835 libgs9-common (remotely exploitable, medium urgency)

Any equivalent?

Kind regards,
 
French Fries (OP, Member)

Nice to see this is integrated into FreeBSD.

I love this option:
Code:
    -r, --recursive
        Prints packages that depend on vulnerable packages and are thus
        potentially vulnerable as well.
 

SirDice (Administrator, Staff member, Moderator)

It uses "our" own VuXML though, not exactly the same but the reported vulnerabilities are confirmed to be a problem on FreeBSD by the Security Team. So it's the best way to check for issues. One of the weekly security checks from periodic(8) also uses it. The only caveat is that this only checks ports/packages, not the base OS. This might change when pkgbase (using pkg(8) to update/upgrade the base OS) is finished though.

https://www.freebsd.org/doc/en/books/porters-handbook/security-notify.html
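Added example, not from any post in this thread: a small POSIX sh filter that turns a pkg-audit(8) report into one "CVE package" line per finding, which is roughly the shape of the debsecan output quoted in the opening post. It assumes the report layout "<package> is vulnerable:" followed by indented detail lines containing "CVE: CVE-...." entries; the sample report, package names and the WWW URL in it are constructed for illustration, not real audit output.

```shell
#!/bin/sh
# Added example (not from the thread): reshape a pkg audit report into
# debsecan-style "CVE-ID package" lines.
# Assumption: each finding starts with "<pkg> is vulnerable:" and lists
# its CVEs on lines beginning with "CVE:".

# Constructed sample in the shape of a pkg audit report (not real output;
# package versions and the WWW URL are placeholders).
SAMPLE_AUDIT='libvorbis-1.3.5_1,3 is vulnerable:
  libvorbis -- multiple vulnerabilities
  CVE: CVE-2017-11333
  CVE: CVE-2017-11735
  WWW: https://vuxml.FreeBSD.org/freebsd/PLACEHOLDER-UUID.html

ghostscript9-agpl-base-9.21_1 is vulnerable:
  ghostscript -- multiple vulnerabilities
  CVE: CVE-2016-10317
  CVE: CVE-2017-9611
  WWW: https://vuxml.FreeBSD.org/freebsd/PLACEHOLDER-UUID.html

2 problem(s) in 2 installed package(s) found.'

# Read a pkg audit report on stdin; print "CVE-ID package" per line.
audit_to_cve_list() {
    awk '
        / is vulnerable:$/ { pkg = $1; next }        # remember the current package
        $1 == "CVE:"       { print $2, pkg; next }  # one output line per CVE
    '
}

# Read a pkg audit report on stdin; print the number of vulnerable packages.
count_vulnerable_packages() {
    awk '/ is vulnerable:$/ { n++ } END { print n + 0 }'
}

# Demonstration on the constructed sample. On a FreeBSD host you would feed
# the real report instead, e.g.  pkg audit -F -r | audit_to_cve_list
# (-F fetches a fresh VuXML copy, -r is the --recursive option quoted above).
printf '%s\n' "$SAMPLE_AUDIT" | audit_to_cve_list
printf '%s\n' "$SAMPLE_AUDIT" | count_vulnerable_packages
```

As SirDice notes, this only covers ports/packages: nothing in the base system shows up in the report, so a clean list is not a statement about the base OS.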
 