FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
ce82bfeb-d276-11e1-92c6-14dae938ec40dns/nsd -- DoS vulnerability from non-standard DNS packet

Marek Vavrusa and Lubos Slovak report:

It is possible to crash (SIGSEGV) a NSD child server process by sending it a non-standard DNS packet from any host on the internet. A crashed child process will automatically be restarted by the parent process, but an attacker may keep the NSD server occupied restarting child processes by sending it a stream of such packets effectively preventing the NSD server to serve.


Discovery 2012-07-19
Entry 2012-07-20
Modified 2012-07-21
nsd
< 3.2.11_2

CVE-2012-2978
ports/170024
http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt
7d08e608-5e95-11e6-b334-002590263bf5BIND,Knot,NSD,PowerDNS -- denial over service via oversized zone transfers

ISC reports:

DNS protocols were designed with the assumption that a certain amount of trust could be presumed between the operators of primary and secondary servers for a given zone. However, in current practice some organizations have scenarios which require them to accept zone data from sources that are not fully trusted (for example: providers of secondary name service). A party who is allowed to feed data into a zone (e.g. by AXFR, IXFR, or Dynamic DNS updates) can overwhelm the server which is accepting data by intentionally or accidentally exhausting that server's memory.


Discovery 2016-07-06
Entry 2016-08-10
Modified 2017-04-24
bind99
le 9.9.9P2

bind910
le 9.10.4P2

bind911
le 9.11.0.b2

bind9-devel
le 9.12.0.a.2016.11.02

knot
knot1
< 1.6.8

knot2
< 2.3.0

nsd
< 4.1.11

powerdns
< 4.0.1

CVE-2016-6170
CVE-2016-6171
CVE-2016-6172
CVE-2016-6173
https://kb.isc.org/article/AA-01390
http://www.openwall.com/lists/oss-security/2016/07/06/4
17f369dc-d7e7-11e1-90a2-000c299b62e1nsd -- Denial of Service

Tom Hendrikx reports:

It is possible to crash (SIGSEGV) a NSD child server process by sending it a DNS packet from any host on the internet and the per zone stats build option is enabled. A crashed child process will automatically be restarted by the parent process, but an attacker may keep the NSD server occupied restarting child processes by sending it a stream of such packets effectively preventing the NSD server to serve.


Discovery 2012-07-27
Entry 2012-07-27
nsd
< 3.2.13

CVE-2012-2979
http://www.nlnetlabs.nl/downloads/CVE-2012-2979.txt
56778a31-c2a1-11e9-9051-4c72b94353b5nsd -- Stack-based Buffer Overflow

SO-AND-SO reports:

nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() function in dname.c.


Discovery 2019-07-28
Entry 2019-08-19
nsd
< 4.2.2

https://nvd.nist.gov/vuln/detail/CVE-2019-13207
https://github.com/NLnetLabs/nsd/issues/20
CVE-2019-13207
388ebb5b-3c95-11eb-929d-d4c9ef517024Unbound/NSD -- Denial of service vulnerability

NLNetLabs reports:

Unbound and NSD when writing the PID file would not check if an existing file was a symlink. This could allow for a local symlink \ attack if an attacker has access to the user Unbound/NSD runs as.


Discovery 2020-12-01
Entry 2020-12-12
unbound
< 1.13.0

nsd
< 4.3.4

https://nlnetlabs.nl/downloads/unbound/CVE-2020-28935.txt
CVE-2020-28935