Date: Fri, 30 Jun 2006 17:06:29 -0400 From: "Dolan- Gavitt, Brendan F." <brendandg@mitre.org> To: <freebsd-security@freebsd.org> Subject: Determining vulnerability to issues described by SAs Message-ID: <A4B2840BABACAB46A3100E0DCD4DEDDDC42349@IMCSRV3.MITRE.ORG>
next in thread | raw e-mail | index | archive | help
Hi, I've been trying for the past few days to come up with a method for checking a FreeBSD system to see if it is vulnerable to an issue described by a FreeBSD security advisory in some automated way, similar to the way portaudit can use VuXML to check for vulnerabilities in ports. Right now, I'm a bit stuck--there seem to be fairly major issues with all the methods I've come up with: [1] Checking the patchlevel as reported by uname -r. [2] Checking the RCS version tags in the source files listed as changed by the SA [3] Using ident on the binaries affected to extract the RCS tags of the source files used to compile them. [1] Can fail if the user updates through binary patches of the sort offered by freebsd-update; as far as I can tell, these do not affect the output of uname unless they directly patch the kernel. Worse, the patchlevel reported may be up-to-date even if the userland is still vulnerable to an issue mentioned in an SA (eg if the user does a make buildkernel but not a make buildworld). [2] Can fail if the user does not build from source to update the system. [3] Should work in all cases (aside from custom modifications to the sources, but there's really no way to handle this case), but I don't know of any way to automatically determine what binary to ident based on the list of source files given in a security advisory. All of the situations mentioned seem like they could be quite common. I'm fairly new to FreeBSD, so I may just be missing something here--is there a reliable way to determine if a system is patched according to a particular security advisory? Thanks, Brendan Dolan-Gavitt
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?A4B2840BABACAB46A3100E0DCD4DEDDDC42349>