debsecan


Post by ruffwoof » 2017-08-25 02:26

I installed debsecan and then ran

debsecan --suite jessie

and back came nearly 2000

Filtering that down to high urgency and remotely exploitable still saw nearly 200

debsecan --suite=jessie | grep "high urgency" | grep "remotely exploitable" | sort | uniq | wc -l

Filtering that list down to remove duplicate CVE numbers left 71

As a relative neub I find that worrying. Should I be?
Debian oldstable, twm, yad, stalonetray
Acer Aspire M3201 (2GB), AMD Phenom X4
ruffwoof
 
Posts: 216
Joined: 2016-08-20 21:00

Re: debsecan

Post by dasein » 2017-08-25 03:36

Do you want a technically accurate answer? Or are you willing to settle for an answer someone just pulled out of their ass?

I trust my point is obvious, even to you.
dasein
 
Posts: 7775
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: debsecan

Post by kopper » 2017-08-25 05:27

A vulnerability is, well, a vulnerability. I don't know about debsecan's accuracy or how it works precisely, but if I understood correctly the basic idea is to compare installed software versions against Debian Security Team bulletin information. If you have an up-to-date system, your results seem rather interesting. The thing to remember is that debsecan is a local scanner, which doesn't tell how exposed the found vulnerabilities are from outside your system. To find out your exposure, you should run something from the network side, e.g. an nmap or nessus scan.

So with an up-to-date system I wouldn't panic. Just keep installing patches as they get published and see that your firewall rules expose only needed services (sometimes there are none, so reject anything except ESTABLISHED or RELATED). It's of course a good habit to get rid of everything you don't need and keep your installed packages and services at a minimum to minimize the attack surface.

dasein wrote: Do you want a technically accurate answer? Or are you willing to settle for an answer someone just pulled out of their ass?
I trust my point is obvious, even to you.

I don't think a person with your kind of expertise and experience needs to be this petty.
Last edited by kopper on 2017-08-25 09:35, edited 1 time in total.
Debian 9.2 Stable with i3
Secure your stuff: Securing Debian Manual
Don't break your stuff: Source List Management DontBreakDebian
kopper
 
Posts: 78
Joined: 2016-09-30 14:30
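
Added example (not part of any post in this thread, and not debsecan's own code): the pipeline in the first post counts lines, and debsecan prints one line per affected package, so one CVE can appear several times. The script below dedupes by CVE ID and splits the high-urgency, remotely exploitable entries by whether a fix is available. It assumes debsecan's summary format `CVE-ID package (flags)`, with `fixed` marking a fix available in the given suite; the sample lines, CVE IDs and package names are constructed placeholders.

```shell
#!/bin/sh
# Constructed sample in the assumed debsecan summary format.
# CVE IDs and package names are placeholders, not real findings.
sample_output() {
cat <<'EOF'
CVE-0000-0001 libexample1 (fixed, remotely exploitable, high urgency)
CVE-0000-0001 libexample-dev (fixed, remotely exploitable, high urgency)
CVE-0000-0002 exampled (remotely exploitable, high urgency)
CVE-0000-0003 example-utils (remotely exploitable, medium urgency)
CVE-0000-0004 example-doc (low urgency)
CVE-0000-0005 libexample1 (remotely exploitable, high urgency)
CVE-0000-0005 exampled (fixed, remotely exploitable, high urgency)
EOF
}

# Reads debsecan output on stdin and prints one summary line covering
# only the entries that are both high urgency and remotely exploitable.
summarize_debsecan() {
    awk '
    /high urgency/ && /remotely exploitable/ {
        lines++
        cve = $1
        seen[cve] = 1
        # A CVE counts as fixable only if every affected package has a fix
        if ($0 !~ /\(fixed[,)]/) unfixed[cve] = 1
    }
    END {
        for (c in seen) {
            total++
            if (c in unfixed) nofix++; else fix++
        }
        printf "lines=%d unique_cves=%d fix_available=%d no_fix_yet=%d\n",
               lines, total, fix, nofix
    }'
}

# Demo on the constructed sample
sample_output | summarize_debsecan
```

On a real system, replace the last line with `debsecan --suite=jessie | summarize_debsecan`.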

Re: debsecan

Post by Wheelerof4te » 2017-08-25 06:20

ruffwoof wrote: As a relative neub I find that worrying. Should I be?


Nah, it's all good. You don't have to worry much, unless you are running a high risk server. 71 CVEs is not that much.

dasein wrote: Do you want a technically accurate answer? Or are you willing to settle for an answer someone just pulled out of their ass?


dasein, well where have you been all this time? Have you settled for a Wheezy replacement? What's it gonna be? :D
Fedora GNOME
Intel Core Duo Broadwell 3825U
AMD Radeon R5 330m
8 GB DDR3 RAM
Wheelerof4te
 
Posts: 430
Joined: 2015-08-30 20:14

