- Debian – Package Vulnerability Scanner:
    debsecan                            # all known
    debsecan --suite=sid                # all affecting this release
    debsecan --suite=sid --only-fixed   # all with solutions
- FreeBSD – Package Vulnerability Scanner:
- Linux/UNIX Package Auditing with Nessus
Linux Distribution Tools
Easy to use. Maintained by the Debian testing team. Lists packages, CVE numbers and details.
They just packaged the Debian scanner without providing a database for it! And since 2008 there has been a bug report about it being 100% useless.
CentOS, Fedora, Red Hat
Provides package name and CVE number. Note: On older systems there is only “yum list updates”.
Provides package names with security-relevant updates. You need to filter the list yourself or use the "--cve" switch to limit it to CVEs only.
Provides package names with security-relevant updates. As with zypper, you need to do the filtering yourself.
There is a dedicated scanner, but no documentation.
No Linux? Still a nice solution… Lists vulnerable ports and vulnerability details.