I installed debsecan and then ran
debsecan --suite jessie
and back came nearly 2000
Filtering that down to high urgency and remotely exploitable still saw nearly 200
debsecan --suite=jessie | grep "high urgency" | grep "remotely exploitable" | sort | uniq | wc -l
Filtering that list down to remove duplicate CVE numbers left 71
As a relative neub I find that worrying. Should I be?
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
debsecan
Re: debsecan
Do you want a technically accurate answer? Or are you willing to settle for an answer someone just pulled out of their ass?
I trust my point is obvious, even to you.
I trust my point is obvious, even to you.
Re: debsecan
Vulnerability is well.. a vulnerability. I don't know about debsescan's accuracy or how it works precisely, but if I understood correctly the basic idea is to compare installed software version on Debian Security Team bulletin information. If you have up-to-date system, your results seem rather interesting. Thing to remember is, that debsescan is a local scanner, which doesn't tell how exposed found vulnerabilities are from the outside of your system. To find out your exposure, you should run something from the network side, e.g. nmap or nessus scan.
So with up-to-date system I wouldn't panic. Just keep installing patches as they get published and see that your firewall rules expose only needed services (sometimes there is none, so reject anything except ESTABLISHED or RELATED). It's of course a good habit to get rid of everything you don't need and keep your installed packages and services at minimum the minimize the attack surface.
So with up-to-date system I wouldn't panic. Just keep installing patches as they get published and see that your firewall rules expose only needed services (sometimes there is none, so reject anything except ESTABLISHED or RELATED). It's of course a good habit to get rid of everything you don't need and keep your installed packages and services at minimum the minimize the attack surface.
I don't think a person with your kind of expertise and experience needs to be this petty.dasein wrote:Do you want a technically accurate answer? Or are you willing to settle for an answer someone just pulled out of their ass?
I trust my point is obvious, even to you.
Last edited by kopper on 2017-08-25 09:35, edited 1 time in total.
Debian 10.2 Stable with i3
Secure your stuff: Securing Debian Manual
Don't break your stuff: Source List Management DontBreakDebian
Secure your stuff: Securing Debian Manual
Don't break your stuff: Source List Management DontBreakDebian
-
- Posts: 1454
- Joined: 2015-08-30 20:14
Re: debsecan
Nah, it's all good. You don't have to worry much, unless you are running a high risk server. 71 CVE is not that much.ruffwoof wrote:As a relative neub I find that worrying. Should I be?
dasein, well where have you been all this time? Have you settled for a Wheezy replacement? What's it gonna be?dasein wrote:Do you want a technically accurate answer? Or are you willing to settle for an answer someone just pulled out of their ass?