8-STABLE base BIND version number typo ?

Damien Fleuriot ml at my.gd
Mon Aug 27 08:11:25 UTC 2012


Hello list,



We're currently running Nessus PCI DSS scans on our infrastructure to
eliminate known vulnerabilities and problems.

The scan reports that my version of BIND is vulnerable to exploits I
*know* it isn't.

The problem, to me, seems to be with the version number as reported by
named -V :
BIND 9.6.-ESV-R7-P2 built with '--prefix=/usr'
'--infodir=/usr/share/info' '--mandir=/usr/share/man'
'--enable-threads' '--enable-getifaddrs' '--disable-linux-caps'
'--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn'
'--without-libxml2'

(notice the .- notation)


This is the base's BIND running on 8.3-STABLE 64 bits compiled and
built on 22/08/12 :
FreeBSD pf1-dmz-gs.[snip] 8.3-STABLE FreeBSD 8.3-STABLE #2: Wed Aug 22
10:41:47 CEST 2012


I have verified that building the exact same version from the ports,
at /usr/ports/dns/bind96 yields the correct version number and the
vulnerabilities are no longer reported by the scan, which uses BIND's
version number as a reference.



Has anyone else noticed the same oddity, that I might file a PR?
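
An added example (not part of the original post, and not Nessus's actual logic): a banner-based version check in Python, showing how a strict parser rejects the `9.6.-ESV-R7-P2` string from `named -V` while a lenient one recovers it. The release-name grammar, the `FIXED_IN` threshold and all function names are assumptions made for illustration.

```python
import re

# Assumed grammar for BIND 9 release names: MAJOR.MINOR[.PATCH][-ESV][-R<n>][-P<n>]
STRICT = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(-ESV)?(?:-R(\d+))?(?:-P(\d+))?")
# Same grammar, but tolerating an empty PATCH field ("9.6.-ESV-...").
LENIENT = re.compile(r"(\d+)\.(\d+)(?:\.(\d*))?(-ESV)?(?:-R(\d+))?(?:-P(\d+))?")


def version_from_named_v(output):
    """Return the version token from the first line of `named -V` output."""
    m = re.match(r"BIND\s+(\S+)", output)
    return m.group(1) if m else None


def parse(version, lenient=False):
    """Return (major, minor, patch, esv, release, patchlevel) or None."""
    m = (LENIENT if lenient else STRICT).fullmatch(version)
    if not m:
        return None
    major, minor, patch, esv, rel, plevel = m.groups()
    return (int(major), int(minor), int(patch or 0), bool(esv),
            int(rel or 0), int(plevel or 0))


def banner_check(version, fixed_in, lenient=False):
    """Classify a banner against a fixed-in release of the same branch."""
    have, want = parse(version, lenient), parse(fixed_in)
    if have is None or want is None:
        return "unparsed"        # cannot be compared: verify the build by hand
    if have[:2] != want[:2] or have[3] != want[3]:
        return "other-branch"    # threshold does not apply to this branch
    return "fixed" if have >= want else "vulnerable"


# Constructed inputs: the banner quoted in the post and an assumed threshold.
NAMED_V = "BIND 9.6.-ESV-R7-P2 built with '--prefix=/usr'"
FIXED_IN = "9.6-ESV-R7-P1"  # constructed threshold, not taken from an advisory

if __name__ == "__main__":
    v = version_from_named_v(NAMED_V)
    print(v, "strict :", banner_check(v, FIXED_IN))
    print(v, "lenient:", banner_check(v, FIXED_IN, lenient=True))
    print("9.6-ESV-R7-P2 strict :", banner_check("9.6-ESV-R7-P2", FIXED_IN))
```

A check that treats the "unparsed" result as vulnerable reports findings against a patched build, so such results are better routed to manual verification of the installed source.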

