8-STABLE base BIND version number typo ?

Damien Fleuriot ml at my.gd
Tue Aug 28 09:13:08 UTC 2012


On 27 August 2012 10:11, Damien Fleuriot <ml at my.gd> wrote:
> Hello list,
>
>
>
> We're currently running Nessus PCI DSS scans on our infrastructure to
> eliminate known vulnerabilities and problems.
>
> The scan reports that my version of BIND is vulnerable to exploits I
> *know* it isn't.
>
> The problem, to me, seems to be with the version number as reported by
> named -V :
> BIND 9.6.-ESV-R7-P2 built with '--prefix=/usr'
> '--infodir=/usr/share/info' '--mandir=/usr/share/man'
> '--enable-threads' '--enable-getifaddrs' '--disable-linux-caps'
> '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn'
> '--without-libxml2'
>
> (notice the .- notation)
>
>
> This is the base's BIND running on 8.3-STABLE 64 bits compiled and
> built on 22/08/12 :
> FreeBSD pf1-dmz-gs.[snip] 8.3-STABLE FreeBSD 8.3-STABLE #2: Wed Aug 22
> 10:41:47 CEST 2012
>
>
> I have verified that building the exact same version from the ports,
> at /usr/ports/dns/bind96 yields the correct version number and the
> vulnerabilities are no longer reported by the scan, which uses BIND's
> version number as a reference.
>
>
>
> Has anyone else noticed the same oddity, that I might file a PR?



Hello list,



I seem to have seen no replies.

Would anyone kindly confirm they've got the same problem so we can get
a PR filed?
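
For triaging version-based scanner findings like the one in this thread, here is an added example (not from the post, FreeBSD, or the scanner vendor) that parses a `named -V` banner, tolerates the stray dot in `9.6.-ESV-R7-P2`, and compares it with a reference release on the same branch. The function names, the choice of `9.6-ESV-R7-P2` as the reference, and the `R6` banner are assumptions made for illustration.

```python
import re

# BIND release strings look like 9.9.1-P2 or 9.6-ESV-R7-P2. The optional "\.?"
# tolerates the malformed "9.6.-ESV-R7-P2" reported in the post. Pre-release
# suffixes (rc/beta) are deliberately not handled and come back as unparseable.
_LENIENT = re.compile(
    r"BIND (?P<major>\d+)\.(?P<minor>\d+)(?:\.(?P<patch>\d+))?\.?"
    r"(?P<esv>-ESV)?(?:-R(?P<r>\d+))?(?:-P(?P<p>\d+))?(?=\s|$)"
)
_STRICT = re.compile(r"BIND \d+\.\d+(?:\.\d+)?(?:-ESV)?(?:-R\d+)?(?:-P\d+)?(?=\s|$)")


def parse_bind_version(banner):
    """Return (key, well_formed) for a `named -V` banner, or None."""
    m = _LENIENT.search(banner)
    if m is None:
        return None
    key = (int(m["major"]), int(m["minor"]), int(m["patch"] or 0),
           bool(m["esv"]), int(m["r"] or 0), int(m["p"] or 0))
    return key, _STRICT.search(banner) is not None


def triage(banner, reference):
    """Classify a banner against `reference`, an assumed release string."""
    found = parse_bind_version(banner)
    ref = parse_bind_version("BIND " + reference)
    if found is None or ref is None:
        return "unparseable"
    (fkey, well_formed), (rkey, _) = found, ref
    # Only R/P levels within one branch are ordered here; ESV and non-ESV
    # lines are not comparable by number alone, so flag them for manual review.
    if fkey[:4] != rkey[:4]:
        return "different-branch"
    if fkey[4:] < rkey[4:]:
        return "older-than-reference"
    return "at-or-past-reference" if well_formed else "at-or-past-reference-malformed-banner"


if __name__ == "__main__":
    REFERENCE = "9.6-ESV-R7-P2"  # assumed reference release, taken from the post
    for banner in (
        "BIND 9.6.-ESV-R7-P2 built with '--prefix=/usr'",  # base system, from the post
        "BIND 9.6-ESV-R7-P2 built with '--prefix=/usr'",   # expected well-formed string
        "BIND 9.6-ESV-R6 built with '--prefix=/usr'",      # constructed older banner
    ):
        print(triage(banner, REFERENCE), "<-", banner.split(" built")[0])
```
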


More information about the freebsd-questions mailing list