FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  368143
Date:      2014-09-13
Time:      21:18:56Z
Committer: matthew

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
72f35727-ce83-11e2-be04-005056a37f68dns/bind9* -- A recursive resolver can be crashed by a query for a malformed zone

ISC reports:

A bug has been discovered in the most recent releases of BIND 9 which has the potential for deliberate exploitation as a denial-of-service attack. By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal "RUNTIME_CHECK" error in resolver.c.


Discovery 2013-06-04
Entry 2013-06-06
Modified 2013-06-07
bind99
gt 9.9.3 lt 9.9.3.1

bind99-base
gt 9.9.3 lt 9.9.3.1

bind98
gt 9.8.5 lt 9.8.5.1

bind98-base
gt 9.8.5 lt 9.8.5.1

bind96
gt 9.6.3.1.ESV.R9 lt 9.6.3.2.ESV.R9

bind96-base
gt 9.6.3.1.ESV.R9 lt 9.6.3.2.ESV.R9

CVE-2013-3919
57a700f9-12c0-11e2-9f86-001d923933b6dns/bind9* -- crash on deliberately constructed combination of records

ISC reports:

A deliberately constructed combination of records could cause named to hang while populating the additional section of a response.


Discovery 2012-09-26
Entry 2012-10-10
bind99
lt 9.9.1.4

bind98
lt 9.8.3.4

bind97
lt 9.7.6.4

bind96
lt 9.6.3.1.ESV.R7.4

CVE-2012-5166
57a700f9-12c0-11e2-9f86-001d923933b6dns/bind9* -- crash on deliberately constructed combination of records

ISC reports:

A deliberately constructed combination of records could cause named to hang while populating the additional section of a response.


Discovery 2012-09-26
Entry 2012-10-10
bind99
lt 9.9.1.4

bind98
lt 9.8.3.4

bind97
lt 9.7.6.4

bind96
lt 9.6.3.1.ESV.R7.4

CVE-2012-5166
7a282e49-95b6-11e2-8433-0800273fe665dns/bind9* -- Malicious Regex Can Cause Memory Exhaustion

ISC reports:

A critical defect in BIND 9 allows an attacker to cause excessive memory consumption in named or other programs linked to libdns.


Discovery 2013-03-11
Entry 2013-03-27
bind99
lt 9.9.2.2

bind99-base
lt 9.9.2.2

bind98
lt 9.8.4.2

bind98-base
lt 9.8.4.2

CVE-2013-2266
2892a8e2-3d68-11e2-8e01-0800273fe665dns/bind9* -- servers using DNS64 can be crashed by a crafted query

ISC reports:

BIND 9 nameservers using the DNS64 IPv6 transition mechanism are vulnerable to a software defect that allows a crafted query to crash the server with a REQUIRE assertion failure. Remote exploitation of this defect can be achieved without extensive effort, resulting in a denial-of-service (DoS) vector against affected servers.


Discovery 2012-11-27
Entry 2012-12-04
bind99
lt 9.9.2.1

bind99-base
lt 9.9.2.1

bind98
lt 9.8.4.1

bind98-base
lt 9.8.4.1

CVE-2012-5688