Friday, June 22, 2012

Check your system for vulnerabilities using CVEChecker


The goal of cvechecker is to report possible vulnerabilities on your system by scanning the installed software and matching the results against the CVE database. This is not a bullet-proof method and you will most likely get many false positives (for example, a vulnerability that is fixed in a revision release of a package, where the tool is unable to detect the revision itself), yet it is still better than nothing, especially if you are running a distribution with little security coverage.
Still, the tool remains useful. With proper reporting in place, you are warned immediately when a new CVE is released that might match your system. You can then take the appropriate steps (acknowledge the report, verify the finding, fix the package or mark it as a false positive).
The tool needs your help as well, however. Most of the work is telling cvechecker how to detect which software is installed and in what version. For more information, see the cvechecker man page.
Install required packages:
Code:
root@coresec:~# apt-get install libconfig8-dev libsqlite3-dev libxslt1-dev
Compilation Process:
Code:
root@coresec:~# tar -zxvf cvechecker-3.1.tar.gz
root@coresec:~# cd cvechecker-3.1/
root@coresec:~/cvechecker-3.1# ./configure --enable-sqlite3
root@coresec:~/cvechecker-3.1# make
root@coresec:~/cvechecker-3.1# make install
Initialize SQLite3 Database:
Code:
root@coresec:~/cvechecker-3.1# cvechecker -i
To pull the necessary data from the Internet:
Code:
root@coresec:~/cvechecker-3.1# pullcves pull
 
Downloading nvdcve-2.0-2002.xml... ok
Converting nvdcve-2.0-2002.xml to CSV... ok
Loading in nvdcve-2.0-2002.csv in cvechecker.
I am missing the index cveidx2. This is to be expected if this is the first run of cvechecker since an upgrade.
I will now create cveidx2 for you, no further actions are needed.
Some updates have occurred which might affect the database initialization.
Please restart the command.
Downloading nvdcve-2.0-2003.xml... ok
Converting nvdcve-2.0-2003.xml to CSV... ok
Loading in nvdcve-2.0-2003.csv in cvechecker.
Loading CVE data from /usr/local/var/cvechecker/cache/nvdcve-2.0-2003.csv into database
 100 records processed (0 already in db)...
 200 records processed (0 already in db)...
 300 records processed (0 already in db)...
 .....
Generate List of Files:
Code:
root@coresec:~/cvechecker-3.1# find / -type f -perm -o+x > scanlist.txt
root@coresec:~/cvechecker-3.1# echo "/proc/version" >> scanlist.txt
Gather List of Installed Software/Versions:
Code:
root@coresec:~/cvechecker-3.1# cvechecker -b scanlist.txt
 
Searching for known software titles...
 - Found match for /lib/libpthread-2.12.1.so:   cpe:/a:gnu:glibc:2.12.1:::
 - Found match for /sbin/resize2fs:     cpe:/a:ext2_filesystems_utilities:e2fsprogs:1.41.12:::
 - Found match for /sbin/mkfs.ext4:     cpe:/a:ext2_filesystems_utilities:e2fsprogs:1.41.12:::
 - Found match for /sbin/iptables-save: cpe:/a:netfilter_core_team:iptables:1.4.4:::
 - Found match for /sbin/iptables-save: cpe:/a:netfilter_core_team:iptables:1.4.4:::
   .....
Output Matching CVE Entries:
Code:
root@coresec:~/cvechecker-3.1# cvechecker -r
 
File "/bin/dbus-daemon" (CPE = cpe:/a:freedesktop:dbus:1.4.0:::) on host coresec (key coresec)
  Potential vulnerability found (CVE-2010-4352)
  Full vulnerability match (incl. edition/language)
File "/bin/dbus-uuidgen" (CPE = cpe:/a:freedesktop:dbus:1.4.0:::) on host coresec (key coresec)
  Potential vulnerability found (CVE-2010-4352)
  Full vulnerability match (incl. edition/language)
File "/usr/bin/dbus-launch" (CPE = cpe:/a:freedesktop:dbus:1.4.0:::) on host coresec (key coresec)
  Potential vulnerability found (CVE-2010-4352)
  Full vulnerability match (incl. edition/language)
  ......
Export to CSV format:
Code:
root@coresec:~/cvechecker-3.1# cvechecker -r -C
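A small triage helper, added here as an example and not part of cvechecker itself: it parses the `cvechecker -r` text report layout shown above, groups hits by CPE and CVE with duplicate file paths collapsed, and separates findings you have already verified as false positives (the revision-release case from the introduction) from ones that still need review. The acknowledged list and the iptables entry with placeholder id CVE-0000-0000 are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the `cvechecker -r` report above; the
# iptables entry uses a placeholder CVE id so the triage step has two groups.
SAMPLE_REPORT = """\
File "/bin/dbus-daemon" (CPE = cpe:/a:freedesktop:dbus:1.4.0:::) on host coresec (key coresec)
  Potential vulnerability found (CVE-2010-4352)
  Full vulnerability match (incl. edition/language)
File "/bin/dbus-uuidgen" (CPE = cpe:/a:freedesktop:dbus:1.4.0:::) on host coresec (key coresec)
  Potential vulnerability found (CVE-2010-4352)
  Full vulnerability match (incl. edition/language)
File "/sbin/iptables-save" (CPE = cpe:/a:netfilter_core_team:iptables:1.4.4:::) on host coresec (key coresec)
  Potential vulnerability found (CVE-0000-0000)
  Full vulnerability match (incl. edition/language)
"""

FILE_RE = re.compile(r'^File "(?P<path>[^"]+)" \(CPE = (?P<cpe>\S+)\) on host (?P<host>\S+)')
CVE_RE = re.compile(r'^\s+Potential vulnerability found \((?P<cve>CVE-\d{4}-\d{4,})\)')


def parse_report(text):
    """Map (cpe, cve) -> sorted list of files, deduplicating repeated paths."""
    hits = defaultdict(set)
    current = None  # (path, cpe) of the most recent 'File ...' header line
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            current = (m.group("path"), m.group("cpe"))
            continue
        m = CVE_RE.match(line)
        if m and current is not None:
            hits[(current[1], m.group("cve"))].add(current[0])
    return {key: sorted(paths) for key, paths in hits.items()}


def triage(hits, acknowledged):
    """Split findings into those still needing review and those already
    verified as false positives (e.g. fix backported in a revision release)."""
    new = {k: v for k, v in hits.items() if k not in acknowledged}
    known = {k: v for k, v in hits.items() if k in acknowledged}
    return new, known


# Constructed: CVE-2010-4352 on this dbus build verified as patched by the distro.
ACKNOWLEDGED = {("cpe:/a:freedesktop:dbus:1.4.0:::", "CVE-2010-4352")}

if __name__ == "__main__":
    new, known = triage(parse_report(SAMPLE_REPORT), ACKNOWLEDGED)
    for (cpe, cve), files in new.items():
        print(f"REVIEW  {cve} {cpe} -> {', '.join(files)}")
    for (cpe, cve), files in known.items():
        print(f"ACKED   {cve} {cpe} -> {len(files)} file(s)")
```

Feed it the saved output of `cvechecker -r` instead of SAMPLE_REPORT and keep the acknowledged set in a file under version control so each triage decision is recorded.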
