From owner-freebsd-ports-bugs@FreeBSD.ORG Tue Jan 8 21:00:06 2008 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C4F6716A421 for ; Tue, 8 Jan 2008 21:00:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id A1F3413C458 for ; Tue, 8 Jan 2008 21:00:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m08L06bc079429 for ; Tue, 8 Jan 2008 21:00:06 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m08L06jr079428; Tue, 8 Jan 2008 21:00:06 GMT (envelope-from gnats) Resent-Date: Tue, 8 Jan 2008 21:00:06 GMT Resent-Message-Id: <200801082100.m08L06jr079428@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, "Mark D. Foster" Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 789A916A421 for ; Tue, 8 Jan 2008 20:53:58 +0000 (UTC) (envelope-from mark@foster.cc) Received: from QMTA06.emeryville.ca.mail.comcast.net (qmta06.emeryville.ca.mail.comcast.net [76.96.30.56]) by mx1.freebsd.org (Postfix) with ESMTP id 3F88713C46A for ; Tue, 8 Jan 2008 20:53:58 +0000 (UTC) (envelope-from mark@foster.cc) Received: from OMTA05.emeryville.ca.mail.comcast.net ([76.96.30.43]) by QMTA06.emeryville.ca.mail.comcast.net with comcast id af6z1Y0090vp7WL0A0it00; Tue, 08 Jan 2008 20:53:58 +0000 Received: from fosgate.dyndns.org ([71.231.158.147]) by OMTA05.emeryville.ca.mail.comcast.net with comcast id aktl1Y0023B62Q78R00000; Tue, 08 Jan 2008 20:53:46 +0000 Received: from localhost (localhost [127.0.0.1]) by fosgate.dyndns.org (Postfix) with ESMTP id 1CDC73983B for ; Tue, 8 Jan 2008 12:49:26 -0800 (PST) Received: from fosgate.dyndns.org ([127.0.0.1]) by localhost (sonar.foster.dmz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j-HtPiwFaQSI for ; Tue, 8 Jan 2008 12:49:19 -0800 (PST) Received: from [10.1.253.59] (unknown [198.134.96.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) (Authenticated sender: mdf) by fosgate.dyndns.org (Postfix) with ESMTP id 5C34539825 for ; Tue, 8 Jan 2008 12:49:19 -0800 (PST) Message-Id: <4783E2DD.6000104@foster.cc> Date: Tue, 08 Jan 2008 12:53:49 -0800 From: "Mark D. Foster" To: freebsd-gnats-submit@FreeBSD.org Cc: Subject: ports/119471: update port: security/vuxml to lists maradns DOS X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jan 2008 21:00:06 -0000 >Number: 119471 >Category: ports >Synopsis: update port: security/vuxml to lists maradns DOS >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Tue Jan 08 21:00:06 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Mark Foster >Release: FreeBSD 6.3-PRERELEASE i386 >Organization: >Environment: System: FreeBSD fred.dyn.portseattle.org 6.3-PRERELEASE FreeBSD 6.3-PRERELEASE #5: Wed Jan 2 08:18:20 PST 2008 root@fred.dyn.portseattle.org:/usr/obj/usr/src/sys/VMWARE2 i386 >Description: >How-To-Repeat: >Fix: --- vuln.xml.patch1 begins here --- --- vuln.xml.old 2008-01-08 12:43:26.000000000 -0800 +++ vuln.xml 2008-01-08 12:34:41.000000000 -0800 @@ -33,6 +33,36 @@ Note: Please add new entries to the beginning of this file. --> + + + MaraDNS -- Denial of Service Vulnerability + + + maradns + 1.2.12.08 + 1.0.41 + + + + +

MaraDNS reports:

+
+

+The good news is that it only took me about 15 minutes to find and reproduce the bug that was causing the improper resource record rotation. The bad news is that the bug that causes the rotation is one that enables a remote denial of service. +

+
+ + + + CVE-2008-0061 + http://maradns.blogspot.com/2007/08/maradns-update-all-versions.html + + + 2008-01-08 + 2008-01-08 + + + linux-realplayer -- multiple vulnerabilities --- vuln.xml.patch1 ends here --- >Release-Note: >Audit-Trail: >Unformatted: