From owner-freebsd-questions@FreeBSD.ORG Mon Aug 27 08:11:25 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B5C1D106564A for ; Mon, 27 Aug 2012 08:11:25 +0000 (UTC) (envelope-from ml@my.gd) Received: from mail-iy0-f182.google.com (mail-iy0-f182.google.com [209.85.210.182]) by mx1.freebsd.org (Postfix) with ESMTP id 7F48E8FC19 for ; Mon, 27 Aug 2012 08:11:25 +0000 (UTC) Received: by ialo14 with SMTP id o14so9608919ial.13 for ; Mon, 27 Aug 2012 01:11:21 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type :x-gm-message-state; bh=F/Cdo7IBltJ8KpvP6ddrOke39nVn5IgZlVDVwwDd2b0=; b=PFsmqupDCu4KPpiGwKN+Exvg134CIFtXxoKNre7xitJUVd2OdtaU67uh2lEpVx+mxv N13R2NNqrcd715InBtb4Dviw6Va/GeugWHPb+hA36+/JLMm61/U/kNzlZI8NwVUtL0N3 GHkzuwSkBjsj3LuZHQFlNkISntlb/RIp3iNL73pMY/X/r0yTZ/+kjj5wwu9E3BP1orHO gq1GSvPsCUvwp0EsP2/4VdrBVq7q9nA7OCFwoX8J5D/Uv5Tk1qOBPT99acknLtNTqM9a oBzS2g/lasILoQMTp5li5ajAFfe8aT6wYay/zTzjtq+ipOD7STyGK3v38LFnZNmaoqR6 goXw== MIME-Version: 1.0 Received: by 10.42.156.1 with SMTP id x1mr10114092icw.51.1346055081590; Mon, 27 Aug 2012 01:11:21 -0700 (PDT) Received: by 10.64.96.131 with HTTP; Mon, 27 Aug 2012 01:11:21 -0700 (PDT) Date: Mon, 27 Aug 2012 10:11:21 +0200 Message-ID: From: Damien Fleuriot To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 X-Gm-Message-State: ALoCoQltghHqXADBpYxQf99RCkaP35I2qfq+1CE02jgIR4DvbCA7UsDSChufxXj8p6UZwz6cfXyk Subject: 8-STABLE base BIND version number typo ? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Aug 2012 08:11:25 -0000 Hello list, We're currently running Nessus PCI DSS scans on our infrastructure to eliminate known vulnerabilities and problems. The scan reports that my version of BIND is vulnerable to exploits I *know* it isn't. The problem, to me, seems to be with the version number as reported by named -V : BIND 9.6.-ESV-R7-P2 built with '--prefix=/usr' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--enable-threads' '--enable-getifaddrs' '--disable-linux-caps' '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn' '--without-libxml2' (notice the .- notation) This is the base's BIND running on 8.3-STABLE 64 bits compiled and built on 22/08/12 : FreeBSD pf1-dmz-gs.[snip] 8.3-STABLE FreeBSD 8.3-STABLE #2: Wed Aug 22 10:41:47 CEST 2012 I have verified that building the exact same version from the ports, at /usr/ports/dns/bind96 yields the correct version number and the vulnerabilities are no longer reported by the scan, which uses BIND's version number as a reference. Has anyone else noticed the same oddity, that I might fill a PR ?