Date:      Tue, 28 Aug 2012 11:13:07 +0200
From:      Damien Fleuriot <ml@my.gd>
To:        freebsd-questions@freebsd.org
Subject:   Re: 8-STABLE base BIND version number typo ?
Message-ID:  <CAE63ME6AxtxYywBAKpt=ax6w7JeQD3eKOruQLFobJpFwjHO_9A@mail.gmail.com>
In-Reply-To: <CAE63ME4uJ%2Bq2q3h-NSJOKxqMynZ32v%2BrhT04WCNchCjYRUt0Hw@mail.gmail.com>
References:  <CAE63ME4uJ%2Bq2q3h-NSJOKxqMynZ32v%2BrhT04WCNchCjYRUt0Hw@mail.gmail.com>

On 27 August 2012 10:11, Damien Fleuriot <ml@my.gd> wrote:
> Hello list,
>
>
>
> We're currently running Nessus PCI DSS scans on our infrastructure to
> eliminate known vulnerabilities and problems.
>
> The scan reports that my version of BIND is vulnerable to exploits I
> *know* it isn't.
>
> The problem, to me, seems to be with the version number as reported by
> named -V :
> BIND 9.6.-ESV-R7-P2 built with '--prefix=/usr'
> '--infodir=/usr/share/info' '--mandir=/usr/share/man'
> '--enable-threads' '--enable-getifaddrs' '--disable-linux-caps'
> '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn'
> '--without-libxml2'
>
> (notice the .- notation)
>
>
> This is the base's BIND running on 8.3-STABLE 64 bits compiled and
> built on 22/08/12 :
> FreeBSD pf1-dmz-gs.[snip] 8.3-STABLE FreeBSD 8.3-STABLE #2: Wed Aug 22
> 10:41:47 CEST 2012
>
>
> I have verified that building the exact same version from the ports,
> at /usr/ports/dns/bind96 yields the correct version number and the
> vulnerabilities are no longer reported by the scan, which uses BIND's
> version number as a reference.
>
>
>
> Has anyone else noticed the same oddity, that I might file a PR?



Hello list,



I seem to have seen no replies.

Would anyone kindly confirm they've got the same problem so we can get
a PR filed?
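
Added example (not part of the original message, and not FreeBSD, ISC or Nessus code): a small triage helper that checks whether the version token in `named -V` output is well formed before a version-based scan finding is trusted. The release-name grammar, the `.-` repair heuristic and the second sample banner are assumptions; the first banner is the one quoted in the thread.

```python
import re

# Assumed grammar for BIND 9 release names (not stated in the thread):
# MAJOR.MINOR[.PATCH][-ESV][-R<n>][-P<n>]
WELL_FORMED = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)(?:\.(?P<patch>\d+))?"
    r"(?:-ESV)?(?:-R(?P<rel>\d+))?(?:-P(?P<pl>\d+))?$"
)
BANNER = re.compile(r"^BIND\s+(?P<version>\S+)")

# Banner quoted in the thread (base system build).
BASE_OUTPUT = "BIND 9.6.-ESV-R7-P2 built with '--prefix=/usr'"
# Constructed sample: what a well-formed banner for the same release would look like.
PORT_OUTPUT = "BIND 9.6-ESV-R7-P2 built with '--prefix=/usr/local'"


def extract_version(named_v_output):
    """Return the version token from `named -V` output, or None if absent."""
    m = BANNER.match(named_v_output.strip())
    return m.group("version") if m else None


def parse_version(version):
    """Return a comparable tuple for a well-formed version, else None."""
    m = WELL_FORMED.match(version)
    if not m:
        return None
    g = m.groupdict()
    return tuple(int(g[k] or 0) for k in ("major", "minor", "patch", "rel", "pl"))


def triage(named_v_output):
    """Classify a banner as ok / malformed / no-banner.

    For a malformed token, also return the tuple obtained after dropping an
    empty dotted component (the '.-' seen in the thread); this is a heuristic
    guess at the intended release, to be confirmed against the source tree.
    """
    version = extract_version(named_v_output)
    if version is None:
        return ("no-banner", None, None)
    parsed = parse_version(version)
    if parsed is not None:
        return ("ok", version, parsed)
    repaired = re.sub(r"\.(?=-)", "", version)
    return ("malformed", version, parse_version(repaired))


if __name__ == "__main__":
    for banner in (BASE_OUTPUT, PORT_OUTPUT):
        print(triage(banner))
```

A `malformed` result means any finding derived from the banner needs to be checked against the actual patch level rather than accepted or dismissed on the string alone.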


