The Archives

  • 26.May.09
    Auditing ports (FreeBSD) security | fernape | (0)
    One of the most important aspects of *BSD systems is security. Knowing which installed packages have exploitable vulnerabilities is one of the admin's tasks. Here, the portaudit utility comes in handy. It is not part of the base system, so it must be installed first:

        % cd /usr/ports/ports-mgmt/portaudit; make install clean

    To run a simple check:

        % portaudit
        Affected package: XXX
        Type of problem: XXX -- embedded GD library Use-After-Free vulnerability.
        Reference: <http://www.FreeBSD.org/ports/portaudit/6XXxf31-4254-11de-bXX-0030843d3802.html>

        Affected package: YYY-0.2.8.4_2
        Type of problem: YYY -- integer overflow vulnerability.
        Reference: <http://www.FreeBSD.org/ports/portaudit/48aab1d0-YYY-YYYYYYY-0030843d3802.html>

        Affected package: ZZZ-1.10.2_2
        Type of problem: ZZZ -- integer overflow.
        Reference: <http://www.FreeBSD.org/ports/portaudit/4b17ZZZZZZbecb-001cc0377035.html>

    I have omitted the details of the vulnerable packages of my own machine. I'm sure you ...