
I want to run a test for some servers to see if they are vulnerable to a bunch of vulnerabilities in the CVE database (cve.mitre.org). I have access to the servers, so I can know the version numbers of all the installed packages. I am a newbie in using the CVE database; I spent some time reading about it, but I could not find the answer to my question. So are the affected package and the affected versions stored in the database?

The end goal that I want is to run a script on my servers to see if there are any updates for specific packages that are important as these updates contain security patches.

1 Answer


In short: This wouldn't work.

Stable distributions apply security patches without updating the version of the software itself. Only revisions readable by the package manager are bumped.

So, you can't passively and reliably know if a package is vulnerable or not, without running a test that is designed to check for the presence of the specific bug/exploit.

Not Important