Loading...
Tuesday, September 17, 2013

cvechecker 3.3 released - a local CVE checker tool

The goal of cvechecker is to report about possible vulnerabilities on your system, by scanning the installed software and matching the results with the CVE database. Indeed, this is not a bullet-proof method and you will most likely have many false positives (vulnerability is fixed with a revision-release, but the tool isn't able to detect the revision itself), yet it is still better than nothing, especially if you are running a distribution with little security coverage. 

Still, the tool remains useful. With the proper reporting in place, you are immediately warned when a new CVE has been released that might match your system. You can then take the appropriate steps (acknowledge report, verify incident, fix package or mark as false positive).
The tool however needs your help as well. The most work is to tell cvechecker how to detect which software is installed and what version. For more information, see the cvechecker man-page.

Current Release

The current stable release is 3.3, released on 2013/09/16. 

Source-
http://sourceforge.net/projects/cvechecker/

0 comments:

Post a Comment

 
TOP