Cover V14, i10

syslog

The National Institute of Standards and Technology (NIST) recently launched a comprehensive vulnerability database featuring daily updates on the latest security problems in software products. According to the Web site, the National Vulnerability Database (NVD) "integrates all publicly available U.S. government vulnerability resources and provides references to industry resources". It is based on and synchronized with the Common Vulnerabilities and Exposures (CVE) naming standard.

At the time of writing, the site contains more than 12,000 vulnerability entries, and the publication rate stands at nine vulnerabilities per day. The home page also lists the 20 most recent CVE vulnerabilities. The database, which is funded by the Homeland Security Department's National Cyber Security Division, is searchable by CVE name, US-CERT Technical Alerts, US-CERT Vulnerability Notes, and OVAL Definition.

The NVD's vulnerability information is available for free as an XML feed, and the site also provides a statistics generation engine. According to the site, this can be used "to graph and chart vulnerabilities discovered within a product or to graph and chart sets of vulnerabilities containing particular characteristics (e.g., remotely exploitable buffer overflows)". You can check out the database at: http://nvd.nist.gov.

I need to mention a couple of updates to previously published articles. When the article "Vulnerability Assessments with Nmap and Nessus" (14(8):17-22) by Wyman Miles was written, the Nmap::Parser module took the syntax noted in the scripts presented with the article. The release of the 1.0 module in July, however, saw some changes in the syntax, as follows:

  • "register_host_callback" has been changed to "callback".
  • "parse_filters" appears to no longer exist and can be omitted.

With these changes, the scripts will work with the current version of the module. We regret any inconvenience caused by this situation.

Also, we have posted some additional configuration scripts to accompany the "Enhancing Kickstart" article by Brian Boyd that appeared in the September issue. The scripts, which define public functions, configuration paths, and global variables, are now available from the Sys Admin Web site: http://www.sysadminmag.com/code/. Please send additional comments, suggestions, and corrections to me at: aankerholz@cmp.com. I look forward to hearing from you.

 

Sincerely yours,

Amber Ankerholz

Editor in Chief