FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  375358
Date:      2014-12-23
Time:      21:24:55Z
Committer: rea

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
83725c91-7c7e-11de-9672-00e0815b8da8BIND -- Dynamic update message remote DoS

Problem Description:

When named(8) receives a specially crafted dynamic update message an internal assertion check is triggered which causes named(8) to exit.

To trigger the problem, the dynamic update message must contains a record of type "ANY" and at least one resource record set (RRset) for this fully qualified domain name (FQDN) must exist on the server.

Impact:

An attacker which can send DNS requests to a nameserver can cause it to exit, thus creating a Denial of Service situation.

Workaround:

No generally applicable workaround is available, but some firewalls may be able to prevent nsupdate DNS packets from reaching the nameserver.

NOTE WELL: Merely configuring named(8) to ignore dynamic updates is NOT sufficient to protect it from this vulnerability.


Discovery 2009-07-28
Entry 2009-08-01
Modified 2009-08-04
bind9
lt 9.3.6.1.1

bind9-sdb-postgresql
bind9-sdb-ldap
lt 9.4.3.3

CVE-2009-0696
SA-09:12.bind
http://www.kb.cert.org/vuls/id/725188
https://www.isc.org/node/474
83725c91-7c7e-11de-9672-00e0815b8da8BIND -- Dynamic update message remote DoS

Problem Description:

When named(8) receives a specially crafted dynamic update message an internal assertion check is triggered which causes named(8) to exit.

To trigger the problem, the dynamic update message must contains a record of type "ANY" and at least one resource record set (RRset) for this fully qualified domain name (FQDN) must exist on the server.

Impact:

An attacker which can send DNS requests to a nameserver can cause it to exit, thus creating a Denial of Service situation.

Workaround:

No generally applicable workaround is available, but some firewalls may be able to prevent nsupdate DNS packets from reaching the nameserver.

NOTE WELL: Merely configuring named(8) to ignore dynamic updates is NOT sufficient to protect it from this vulnerability.


Discovery 2009-07-28
Entry 2009-08-01
Modified 2009-08-04
bind9
lt 9.3.6.1.1

bind9-sdb-postgresql
bind9-sdb-ldap
lt 9.4.3.3

CVE-2009-0696
SA-09:12.bind
http://www.kb.cert.org/vuls/id/725188
https://www.isc.org/node/474