Auditing ports (FreeBSD)

One of the most important aspects of *BSD systems is security. Knowing which installed packages have exploitable vulnerabilities is one of the admin’s tasks.

Here, the portaudit utility comes in handy. It is not part of the base system, so it must be installed first:

% cd /usr/ports/ports-mgmt/portaudit; make install clean

To run a simple check:

% portaudit
Affected package: XXX
Type of problem: XXX -- embedded GD library Use-After-Free vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/6XXxf31-4254-11de-bXX-0030843d3802.html>

Affected package: YYY-0.2.8.4_2
Type of problem: YYY -- integer overflow vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/48aab1d0-YYY-YYYYYYY-0030843d3802.html>

Affected package: ZZZ-1.10.2_2
Type of problem: ZZZ -- integer overflow.
Reference: <http://www.FreeBSD.org/ports/portaudit/4b17ZZZZZZbecb-001cc0377035.html>

I have omitted the details of the vulnerable packages of my own machine. I’m sure you understand :)
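For cron or monitoring use, the three-line records shown above can be condensed to one line per package, with an exit status that signals findings. This is an added example, not part of the original post; the function names `portaudit_records` and `portaudit_check` and the sample data are made up for illustration.

```shell
#!/bin/sh
# Added example: condense portaudit's three-line records for cron or monitoring.

# Read portaudit output on stdin; print "package<TAB>problem<TAB>reference"
# per record. Fields a record lacks become "-"; other lines are ignored.
portaudit_records() {
    awk '
        function flush() {
            if (pkg != "")
                printf "%s\t%s\t%s\n", pkg, (prob == "" ? "-" : prob), (ref == "" ? "-" : ref)
            pkg = prob = ref = ""
        }
        /^Affected package: / { flush(); pkg = substr($0, 19); next }
        /^Type of problem: /  { prob = substr($0, 18); next }
        /^Reference: /        { ref = substr($0, 12); gsub(/[<>]/, "", ref); next }
        END { flush() }
    '
}

# Print the records plus a count; return 1 if any package is affected.
portaudit_check() {
    records=$(portaudit_records)
    if [ -z "$records" ]; then
        echo "no affected packages reported"
        return 0
    fi
    printf '%s\n' "$records"
    echo "affected packages: $(printf '%s\n' "$records" | wc -l | tr -d ' ')"
    return 1
}

# Constructed sample in the format shown above (placeholder names, not real data).
SAMPLE='Affected package: foo-1.2.3
Type of problem: foo -- integer overflow vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/PLACEHOLDER-1.html>

Affected package: bar-0.9_1
Type of problem: bar -- use-after-free.
this line is not part of a record and is skipped'

# On a host with portaudit installed, audit it; otherwise do nothing.
if command -v portaudit >/dev/null 2>&1; then
    portaudit | portaudit_check
fi
```

To try the parser without portaudit installed, pipe the sample in: `printf '%s\n' "$SAMPLE" | portaudit_check`.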

Enjoy!
