Date: Tue, 08 Jan 2008 12:53:49 -0800 From: "Mark D. Foster" <mark@foster.cc> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/119471: update port: security/vuxml to lists maradns DOS Message-ID: <4783E2DD.6000104@foster.cc> Resent-Message-ID: <200801082100.m08L06jr079428@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 119471 >Category: ports >Synopsis: update port: security/vuxml to lists maradns DOS >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Tue Jan 08 21:00:06 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Mark Foster >Release: FreeBSD 6.3-PRERELEASE i386 >Organization: >Environment: System: FreeBSD fred.dyn.portseattle.org 6.3-PRERELEASE FreeBSD 6.3-PRERELEASE #5: Wed Jan 2 08:18:20 PST 2008 root@fred.dyn.portseattle.org:/usr/obj/usr/src/sys/VMWARE2 i386 >Description: >How-To-Repeat: >Fix: --- vuln.xml.patch1 begins here --- --- vuln.xml.old 2008-01-08 12:43:26.000000000 -0800 +++ vuln.xml 2008-01-08 12:34:41.000000000 -0800 @@ -33,6 +33,36 @@ Note: Please add new entries to the beginning of this file. --> +<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="3dbc7f9f-be26-11dc-b3e8-000c291c2ba7"> + <topic>MaraDNS -- Denial of Service Vulnerability</topic> + <affects> + <package> + <name>maradns</name> + <range><lt>1.2.12.08</lt></range> + <range><lt>1.0.41</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>MaraDNS reports:</p> + <blockquote cite="http://maradns.blogspot.com/2007/08/maradns-update-all-versions.html" > + <p> +The good news is that it only took me about 15 minutes to find and reproduce the bug that was causing the improper resource record rotation. The bad news is that the bug that causes the rotation is one that enables a remote denial of service. +</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2008-0061</cvename> + <url>http://maradns.blogspot.com/2007/08/maradns-update-all-versions.html</url>; + </references> + <dates> + <discovery>2008-01-08</discovery> + <entry>2008-01-08</entry> + </dates> + </vuln> + <vuln vid="f762ccbb-baed-11dc-a302-000102cc8983"> <topic>linux-realplayer -- multiple vulnerabilities</topic> <affects> --- vuln.xml.patch1 ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4783E2DD.6000104>