DX Infrastructure Management

Tech Tip: Checking backported security fixes on a Multi-port Monitor

Sep 25, 2014 01:31 PM

You may receive a security bulletin specifying an insecure package or defect in CentOS, or results from a security scan indicating that your Multi-port Monitor is not secure because of missing or obsolete packages. In most cases, the security fix for the issue you were notified about has already been backported into the CentOS release running on the monitor. To verify that it is installed, run the following command:

 

sudo rpm -qi --changelog <pkg_name> | grep CVE-nnnn-nnnn

 

The package name will be the package in question in the bulletin or report. You can also get a list of installed packages by running the following:

 

sudo rpm -qa

 

You can then pick the exact package name from the list. The output can also be piped to grep as needed. CVE-nnnn-nnnn is the vulnerability ID (CVE number). These are tracked at the following site:

 

CVE - CVE List Main Page

 

The CVE number should be included in the report or bulletin you received, but you can also search by keyword.

 

Once you have both the package name and the CVE number, you can run the above command to verify that the backported security fix is installed. If it is, the command output will show the CVE number in the changelog for the package. The following is an example for the httpd package:

 

[netqos@ca-mtp ~]$ sudo rpm -qi --changelog httpd | grep CVE-2009-3555

- mod_ssl: add further mitigation for CVE-2009-3555 (#534042)

- add security fixes for CVE-2009-3555, CVE-2009-3094,
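The same check applied to every package/CVE pair from a scan report in one pass (an added example, not part of the original tip; the function names, the CHANGELOG_CMD variable and the one-pair-per-line input format are assumptions of this example). It matches the CVE ID as a whole word, so CVE-2009-3555 is not satisfied by a longer ID that merely starts with the same digits, and it reports packages that are not installed separately from packages whose changelog lacks the ID.

```shell
#!/bin/sh
# Added example: confirm backported fixes for a list of scan findings.
# Input on stdin: one "<package> <CVE-ID>" pair per line; blank lines and
# lines starting with '#' are skipped.
# Usage: source this file, then run:  check_findings < findings.txt

# Print the changelog of an installed package. CHANGELOG_CMD is a hook of
# this example (not an rpm feature) so the check can be exercised offline.
get_changelog() {
    ${CHANGELOG_CMD:-rpm -q --changelog} "$1" </dev/null 2>/dev/null
}

# Print one "<STATUS> <package> <CVE-ID>" line per finding.
# Returns 1 if any finding could not be confirmed in a changelog.
check_findings() {
    rc=0
    while read -r pkg cve || [ -n "$pkg" ]; do
        case "$pkg" in ''|'#'*) continue ;; esac
        # Reject malformed IDs so a typo is not reported as a missing fix.
        if ! printf '%s\n' "$cve" | grep -Eq '^CVE-[0-9]{4}-[0-9]{4,}$'; then
            printf 'INVALID %s %s\n' "$pkg" "$cve"; rc=1; continue
        fi
        # rpm -q exits non-zero when the package is not installed.
        log=$(get_changelog "$pkg") || {
            printf 'NOT-INSTALLED %s %s\n' "$pkg" "$cve"; rc=1; continue
        }
        # -F: fixed string; -w: whole word, so CVE-2009-3555 does not
        # match inside a longer ID such as a constructed CVE-2009-35550.
        if printf '%s\n' "$log" | grep -qwF -- "$cve"; then
            printf 'BACKPORTED %s %s\n' "$pkg" "$cve"
        else
            printf 'NOT-FOUND %s %s\n' "$pkg" "$cve"; rc=1
        fi
    done
    return $rc
}
```

A NOT-FOUND result means the ID does not appear in the installed package's changelog, so that finding still needs follow-up.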

 

Shellshock Bug patch for MTP

ftp://ftp.ca.com/pub/netqos/product_patches/MTP/Shellshock/
