FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  567419
Date:      2021-03-05
Time:      21:18:20Z
Committer: mfechner

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
c6861494-1ffb-11e7-934d-d05099c0ae8cBIND -- multiple vulnerabilities

ISC reports:

A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate.

An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met.

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order.

named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc.

A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string.

Discovery 2017-04-12
Entry 2017-04-13
Modified 2017-04-13
lt 9.9.9P8

lt 9.10.4P8

lt 9.11.0P5

le 9.12.0.a.2017.03.25

c8d902b1-8550-11e6-81e7-d050996490d0BIND -- Remote Denial of Service vulnerability

ISC reports:

Testing by ISC has uncovered a critical error condition which can occur when a nameserver is constructing a response. A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a query that meets certain criteria.

Discovery 2016-09-27
Entry 2016-09-28
Modified 2016-10-10
lt 9.9.9P3

lt 9.10.4P3

lt 9.11.0.rc3

lt 9.12.0.a.2016.09.10

ge 9.3 lt 9.3_48

0b8d01a4-a0d2-11e6-9ca2-d050996490d0BIND -- Remote Denial of Service vulnerability

ISC reports:

A defect in BIND's handling of responses containing a DNAME answer can cause a resolver to exit after encountering an assertion failure in db.c or resolver.c

Discovery 2016-11-01
Entry 2016-11-02
lt 9.9.9P4

lt 9.10.4P4

lt 9.11.0P1

le 9.12.0.a.2016.10.21

ge 9.3 lt 9.3_50

d4c7e9a9-d893-11e6-9b4d-d050996490d0BIND -- multiple vulnerabilities

ISC reports:

A malformed query response received by a recursive server in response to a query of RTYPE ANY could trigger an assertion failure while named is attempting to add the RRs in the query response to the cache.

Depending on the type of query and the EDNS options in the query they receive, DNSSEC-enabled authoritative servers are expected to include RRSIG and other RRsets in their responses to recursive servers. DNSSEC-validating servers will also make specific queries for DS and other RRsets. Whether DNSSEC-validating or not, an error in processing malformed query responses that contain DNSSEC-related RRsets that are inconsistent with other RRsets in the same query response can trigger an assertion failure. Although the combination of properties which triggers the assertion should not occur in normal traffic, it is potentially possible for the assertion to be triggered deliberately by an attacker sending a specially-constructed answer.

An unusually-formed answer containing a DS resource record could trigger an assertion failure. While the combination of properties which triggers the assertion should not occur in normal traffic, it is potentially possible for the assertion to be triggered deliberately by an attacker sending a specially-constructed answer having the required properties.

An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes.

Discovery 2017-01-11
Entry 2017-01-12
lt 9.9.9P5

lt 9.10.4P5

lt 9.11.0P2

le 9.12.0.a.2016.12.28

ge 9.3 lt 10.0