Date: Tue, 28 Aug 2012 11:13:07 +0200
From: Damien Fleuriot <ml@my.gd>
To: freebsd-questions@freebsd.org
Subject: Re: 8-STABLE base BIND version number typo ?
Message-ID: <CAE63ME6AxtxYywBAKpt=ax6w7JeQD3eKOruQLFobJpFwjHO_9A@mail.gmail.com>
In-Reply-To: <CAE63ME4uJ%2Bq2q3h-NSJOKxqMynZ32v%2BrhT04WCNchCjYRUt0Hw@mail.gmail.com>
References: <CAE63ME4uJ%2Bq2q3h-NSJOKxqMynZ32v%2BrhT04WCNchCjYRUt0Hw@mail.gmail.com>

On 27 August 2012 10:11, Damien Fleuriot <ml@my.gd> wrote:
> Hello list,
>
> We're currently running Nessus PCI DSS scans on our infrastructure to
> eliminate known vulnerabilities and problems.
>
> The scan reports that my version of BIND is vulnerable to exploits I
> *know* it isn't.
>
> The problem, to me, seems to be with the version number as reported by
> named -V :
> BIND 9.6.-ESV-R7-P2 built with '--prefix=/usr'
> '--infodir=/usr/share/info' '--mandir=/usr/share/man'
> '--enable-threads' '--enable-getifaddrs' '--disable-linux-caps'
> '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn'
> '--without-libxml2'
>
> (notice the .- notation)
>
> This is the base's BIND running on 8.3-STABLE 64 bits compiled and
> built on 22/08/12 :
> FreeBSD pf1-dmz-gs.[snip] 8.3-STABLE FreeBSD 8.3-STABLE #2: Wed Aug 22
> 10:41:47 CEST 2012
>
> I have verified that building the exact same version from the ports,
> at /usr/ports/dns/bind96 yields the correct version number and the
> vulnerabilities are no longer reported by the scan, which uses BIND's
> version number as a reference.
>
> Has anyone else noticed the same oddity, that I might file a PR ?

Hello list,

I seem to have seen no replies.

Would anyone kindly confirm they've got the same problem so we can get
a PR filed ?
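
Added example, not part of the original message and not code from FreeBSD, ISC or Nessus: a strict check of the `named -V` version token that flags the `.-` form before a banner-based scan result is trusted. The version grammar, the ports banner and the lenient parser are assumptions made for illustration.

```python
import re

# Assumed, simplified grammar for BIND release strings such as
# "9.6-ESV-R7-P2" or "9.9.1-P2" (alpha/beta/rc suffixes are not handled).
STRICT = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)(?:\.(?P<patch>\d+))?"
    r"(?:-ESV(?:-R(?P<esv>\d+))?)?(?:-P(?P<p>\d+))?$"
)
# Hypothetical lenient consumer: same fields, but unanchored at the end,
# so it stops silently at the first character it does not expect.
LENIENT = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-ESV-R(\d+))?(?:-P(\d+))?")

# Banner quoted in the message (build options shortened here).
BASE_BANNER = "BIND 9.6.-ESV-R7-P2 built with '--prefix=/usr'"
# Constructed: what the ports build is assumed to print.
PORTS_BANNER = "BIND 9.6-ESV-R7-P2 built with '--prefix=/usr/local'"


def banner_version(named_v_output):
    """Return the version token from the first line of `named -V` output."""
    m = re.match(r"^BIND\s+(\S+)", named_v_output)
    return m.group(1) if m else None


def parse_strict(version):
    """Return (major, minor, patch, esv_release, p_level), or None if malformed."""
    m = STRICT.match(version)
    if not m:
        return None
    return tuple(int(m.group(k) or 0) for k in ("major", "minor", "patch", "esv", "p"))


def parse_lenient(version):
    """Return the same tuple shape, keeping only what parsed before the first surprise."""
    m = LENIENT.match(version)
    return tuple(int(g or 0) for g in m.groups()) if m else None


def assess(named_v_output):
    """Classify a banner as 'no-banner', 'malformed' or 'ok' before comparing versions."""
    version = banner_version(named_v_output)
    if version is None:
        return ("no-banner", None)
    parsed = parse_strict(version)
    return ("malformed", version) if parsed is None else ("ok", parsed)


if __name__ == "__main__":
    for banner in (BASE_BANNER, PORTS_BANNER):
        print(assess(banner), parse_lenient(banner_version(banner)))
```

The lenient parser reads the base banner as plain 9.6 with no ESV release or patch level, which sorts below 9.6-ESV-R7-P2; that is one way a malformed banner can turn into a false positive.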