From owner-freebsd-questions@FreeBSD.ORG Tue Aug 28 09:13:08 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2F87C1065670 for ; Tue, 28 Aug 2012 09:13:08 +0000 (UTC) (envelope-from ml@my.gd) Received: from mail-iy0-f182.google.com (mail-iy0-f182.google.com [209.85.210.182]) by mx1.freebsd.org (Postfix) with ESMTP id E54038FC17 for ; Tue, 28 Aug 2012 09:13:07 +0000 (UTC) Received: by ialo14 with SMTP id o14so12959007ial.13 for ; Tue, 28 Aug 2012 02:13:07 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:x-gm-message-state; bh=FKb1MNlzcaf65vM/HqPXI2VqdOj2ozze4+2kWBsOBwI=; b=RsaRVWLGOCaa5bUArUsuC382XRyjvoV+EFM7zQylSpjDAWWrQJ4vw5cDOwS6L2eGat B9s5n8OYD3DzAA66+C8OapXpHdY9NW/DB/Zz/1Ygb4UgvgLBBgm8J4AnRwYkr6rxBQXo 8MSYzupBzf1R3BVgZSpyxzRAaEp5Q9VU+dEPIhrHT8D3ByJ1+qQ6b+T8AtGK18JyDrvR udaAfoib5aTK/vtO4B29YtwL7lPmCzWepflfjs+WyY8UmSIaYIjEzzsVVhsNCcb4rrzW fuUeyL1c6WAj1O830nIOSQBTk7bGREcsCf8YInzwrmfKr0ri8gJxqOBjDOtcIbXu6G2Y K32A== MIME-Version: 1.0 Received: by 10.50.94.133 with SMTP id dc5mr12880860igb.16.1346145187359; Tue, 28 Aug 2012 02:13:07 -0700 (PDT) Received: by 10.64.96.131 with HTTP; Tue, 28 Aug 2012 02:13:07 -0700 (PDT) In-Reply-To: References: Date: Tue, 28 Aug 2012 11:13:07 +0200 Message-ID: From: Damien Fleuriot To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 X-Gm-Message-State: ALoCoQn86Swb+H60Vb5PUHf25sTk7t5t1hvWFAjQpC8YB4K/aFgUM9mDRoTS+G3yNsnRyVrZwkl0 Subject: Re: 8-STABLE base BIND version number typo ? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Aug 2012 09:13:08 -0000 On 27 August 2012 10:11, Damien Fleuriot wrote: > Hello list, > > > > We're currently running Nessus PCI DSS scans on our infrastructure to > eliminate known vulnerabilities and problems. > > The scan reports that my version of BIND is vulnerable to exploits I > *know* it isn't. > > The problem, to me, seems to be with the version number as reported by > named -V : > BIND 9.6.-ESV-R7-P2 built with '--prefix=/usr' > '--infodir=/usr/share/info' '--mandir=/usr/share/man' > '--enable-threads' '--enable-getifaddrs' '--disable-linux-caps' > '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn' > '--without-libxml2' > > (notice the .- notation) > > > This is the base's BIND running on 8.3-STABLE 64 bits compiled and > built on 22/08/12 : > FreeBSD pf1-dmz-gs.[snip] 8.3-STABLE FreeBSD 8.3-STABLE #2: Wed Aug 22 > 10:41:47 CEST 2012 > > > I have verified that building the exact same version from the ports, > at /usr/ports/dns/bind96 yields the correct version number and the > vulnerabilities are no longer reported by the scan, which uses BIND's > version number as a reference. > > > > Has anyone else noticed the same oddity, that I might fill a PR ? Hello list, I seem to have seen no replies. Would anyone kindly confirm they've got the same problem so we can get a PR filled ?