Script for CVE in Solaris 11 IPS – Part 1

Quiet a while ago Darren Moffat posted some details on how CVEs in Solaris 11.2 work. Great feature that will make life so much easier.

Still there was one thing that I felt is missing. How do you check which CVEs are patched by the currently installed/running Solaris version.
I’m sure this will be added somewhen in the future and until then I figured I would write a short and simple Perl script that does the work for you.
These are a view lines of output.

root@s11-2:~# /scripts/admin/cveList.pl

Installed Version: (Oracle Solaris 11.2.4.6.0)
Latest    Version: (Oracle Solaris 11.2.6.4.0)

|---- CVE ----|               |----- PKG @ version ---------------------------------------------------------------------|
 CVE-2012-3548                 pkg://solaris/diagnostic/wireshark/wireshark-common@1.8.3,5.11-0.175.1.3.0.1.0
 CVE-2012-5237                 pkg://solaris/diagnostic/wireshark/wireshark-common@1.8.3,5.11-0.175.1.3.0.1.0
 CVE-2012-5238                 pkg://solaris/diagnostic/wireshark/wireshark-common@1.8.3,5.11-0.175.1.3.0.1.0
 CVE-2012-5239                 pkg://solaris/diagnostic/wireshark/wireshark-common@1.8.3,5.11-0.175.1.3.0.1.0
 CVE-2012-5240                 pkg://solaris/diagnostic/wireshark/wireshark-common@1.8.3,5.11-0.175.1.3.0.1.0
 CVE-2012-5592                 pkg://solaris/diagnostic/wireshark/wireshark-common@1.8.5,5.11-0.175.1.7.0.2.0
 CVE-2012-5593                 pkg://solaris/diagnostic/wireshark/wireshark-common@1.8.5,5.11-0.175.1.7.0.2.0
 CVE-2012-5594                 pkg://solaris/diagnostic/wireshark/wireshark-common@1.8.5,5.11-0.175.1.7.0.2.0
 CVE-2012-5595                 pkg://solaris/diagnostic/wireshark/wireshark-common@1.8.5,5.11-0.175.1.7.0.2.0
 CVE-2012-5596                 pkg://solaris/diagnostic/wireshark/wireshark-common@1.8.5,5.11-0.175.1.7.0.2.0
 CVE-2012-5597                 pkg://solaris/diagnostic/wireshark/wireshark-common@1.8.5,5.11-0.175.1.7.0.2.0
 ...
 CVE-2013-3561                 pkg://solaris/diagnostic/wireshark/wireshark-common@1.8.8,5.11-0.175.1.10.0.4.0
 CVE-2013-3562                 pkg://solaris/diagnostic/wireshark/wireshark-common@1.8.8,5.11-0.175.1.10.0.4.0
 CVE-2013-4083                 pkg://solaris/diagnostic/wireshark/wireshark-common@1.8.8,5.11-0.175.1.10.0.4.0
 CVE-2013-4920                 pkg://solaris/diagnostic/wireshark/wireshark-common@1.8.9,5.11-0.175.1.11.0.4.0
 CVE-2013-4921                 pkg://solaris/diagnostic/wireshark/wireshark-common@1.8.9,5.11-0.175.1.11.0.4.0
 CVE-2013-4922                 pkg://solaris/diagnostic/wireshark/wireshark-common@1.8.9,5.11-0.175.1.11.0.4.0
 CVE-2013-4923                 pkg://solaris/diagnostic/wireshark/wireshark-common@1.8.9,5.11-0.175.1.11.0.4.0
 CVE-2013-4924                 pkg://solaris/diagnostic/wireshark/wireshark-common@1.8.9,5.11-0.175.1.11.0.4.0
 ...
 CVE-2014-5164                 pkg://solaris/diagnostic/wireshark/wireshark-common@1.10.9,5.11-0.175.2.2.0.3.0
 CVE-2014-5165                 pkg://solaris/diagnostic/wireshark/wireshark-common@1.10.9,5.11-0.175.2.2.0.3.0
 CVE-2014-6529                 pkg://solaris/driver/infiniband/connectx@0.5.11,5.11-0.175.2.1.0.5.2
 CVE-2012-4564                 pkg://solaris/image/library/libtiff@3.9.5,5.11-0.175.1.14.0.1.0
 CVE-2012-5581                 pkg://solaris/image/library/libtiff@3.9.5,5.11-0.175.1.10.0.4.0
 CVE-2013-1960                 pkg://solaris/image/library/libtiff@3.9.5,5.11-0.175.1.14.0.1.0
 CVE-2013-1961                 pkg://solaris/image/library/libtiff@3.9.5,5.11-0.175.1.14.0.1.0
 CVE-2013-4231                 pkg://solaris/image/library/libtiff@3.9.5,5.11-0.175.1.15.0.2.0
 CVE-2013-4232                 pkg://solaris/image/library/libtiff@3.9.5,5.11-0.175.1.15.0.2.0
 CVE-2013-1619                 pkg://solaris/library/gnutls@2.8.6,5.11-0.175.1.11.0.1.0
 ...

As you can see it will show you every single CVE and pkg that has been fixed in a previous and/or the currently installed Solaris 11 version.

Here is the script: cveList.pl

Update:
I will soon add some more information.

Attachments

Leave a Reply

Your email address will not be published. Required fields are marked *