FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  504357
Date:      2019-06-16
Time:      17:07:14Z
Committer: marcus

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
30e4ed7b-1ca6-11da-bc01-000e0c2e438abind9 -- denial of service

Problem description

A DNSSEC-related validator function in BIND 9.3.0 contains an inappropriate internal consistency test. When this test is triggered, named(8) will exit.


On systems with DNSSEC enabled, a remote attacker may be able to inject a specially crafted packet that will cause the internal consistency test to trigger, and named(8) to terminate. As a result, the name server will no longer be available to service requests.


DNSSEC is not enabled by default, and the "dnssec-enable" directive is not normally present. If DNSSEC has been enabled, disable it by changing the "dnssec-enable" directive to "dnssec-enable no;" in the named.conf(5) configuration file.

Discovery 2005-01-25
Entry 2005-09-03
eq 9.3.0

ge 5.3 lt 5.3_16

83725c91-7c7e-11de-9672-00e0815b8da8BIND -- Dynamic update message remote DoS

Problem Description:

When named(8) receives a specially crafted dynamic update message an internal assertion check is triggered which causes named(8) to exit.

To trigger the problem, the dynamic update message must contains a record of type "ANY" and at least one resource record set (RRset) for this fully qualified domain name (FQDN) must exist on the server.


An attacker which can send DNS requests to a nameserver can cause it to exit, thus creating a Denial of Service situation.


No generally applicable workaround is available, but some firewalls may be able to prevent nsupdate DNS packets from reaching the nameserver.

NOTE WELL: Merely configuring named(8) to ignore dynamic updates is NOT sufficient to protect it from this vulnerability.

Discovery 2009-07-28
Entry 2009-08-01
Modified 2009-08-04


ge 6.3 lt 6.3_12

ge 6.4 lt 6.4_6

ge 7.1 lt 7.1_7

ge 7.2 lt 7.2_3

ef3306fc-8f9b-11db-ab33-000e0c2e438abind9 -- Denial of Service in named(8)

Problem Description

For a recursive DNS server, a remote attacker sending enough recursive queries for the replies to arrive after all the interested clients have left the recursion queue will trigger an INSIST failure in the named(8) daemon. Also for a recursive DNS server, an assertion failure can occur when processing a query whose reply will contain more than one SIG(covered) RRset.

For an authoritative DNS server serving a RFC 2535 DNSSEC zone which is queried for the SIG records where there are multiple SIG(covered) RRsets (e.g. a zone apex), named(8) will trigger an assertion failure when it tries to construct the response.


An attacker who can perform recursive lookups on a DNS server and is able to send a sufficiently large number of recursive queries, or is able to get the DNS server to return more than one SIG(covered) RRsets can stop the functionality of the DNS service.

An attacker querying an authoritative DNS server serving a RFC 2535 DNSSEC zone may be able to crash the DNS server.


A possible workaround is to only allow trusted clients to perform recursive queries.

Discovery 2006-09-06
Entry 2006-12-19
Modified 2016-08-09
ge 6.1 lt 6.1_6

ge 6.0 lt 6.0_11

ge 5.5 lt 5.5_4

ge 5.4 lt 5.4_18

ge 5.0 lt 5.3_33

ge 9.0 lt