cve-check-tool is a tool for checking known (public) CVEs. The tool will
identify potentially vulnerable software packages within Linux
distributions through version matching.

CVEs are only ever potential - due to the various policies of various
distributions, and indeed semantics in versioning within various
projects, it is expected that the tool may generate false positives.

The tool is designed to integrate with a locally cached copy of the
National Vulnerability Database. cve-check-tool downloads the NVD in its
entirety, from 2002 until the current moment. The decompressed XML
database is in excess of 550MB, so this should be taken into account
before running the tool.

Make package list from package database:
( cd /var/log/packages/ ; ls | rev | cut -d- -f3- | \
sed -e s/-/,/ -e s/^/,,/ | rev > /var/log/pkgs.csv )

Check packages against the CVE database:
cve-check-tool -uNc /var/log/pkgs.csv
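
The package-list step above, as an added example (not part of the original README): the same name-version-arch-build split done per entry, producing the "name,version,," rows that the pipeline writes, and going one step further by skipping entries that do not fit that layout. The function names and sample package names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the package's own script. Function names are hypothetical.

# pkg_to_csv_row ENTRY: print "name,version,," for a Slackware-style
# name-version-arch-build entry, or return 1 if the entry is malformed.
pkg_to_csv_row() {
    entry=$1
    # A comma inside the entry would shift the CSV columns.
    case $entry in *,*) return 1 ;; esac
    no_build=${entry%-*}                      # drop "-build"
    [ "$no_build" != "$entry" ] || return 1
    no_arch=${no_build%-*}                    # drop "-arch"
    [ "$no_arch" != "$no_build" ] || return 1
    version=${no_arch##*-}                    # last remaining field
    name=${no_arch%-*}                        # everything before it
    [ "$name" != "$no_arch" ] || return 1     # fewer than four fields
    [ -n "$name" ] && [ -n "$version" ] || return 1
    printf '%s,%s,,\n' "$name" "$version"
}

# pkgs_to_csv: read one entry per line on stdin, write CSV rows to stdout.
# Malformed entries are reported on stderr instead of being written.
pkgs_to_csv() {
    while IFS= read -r entry; do
        pkg_to_csv_row "$entry" || printf 'skipped: %s\n' "$entry" >&2
    done
}

# Constructed sample input: two valid entries (one with a hyphen in the
# package name) and one stray file name. The one-line pipeline would turn
# the stray name into the row "README,," because cut passes lines without
# a delimiter through unchanged.
sample_rows() {
    printf '%s\n' \
        'openssl-1.0.2k-x86_64-1' \
        'xorg-server-1.18.3-x86_64-2' \
        'README' | pkgs_to_csv
}

sample_rows
```

On a real system the input would be `ls /var/log/packages/ | pkgs_to_csv > /var/log/pkgs.csv`, using the paths from the commands above.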