Date: Mon, 27 Aug 2012 10:11:21 +0200
From: Damien Fleuriot <ml@my.gd>
To: freebsd-questions@freebsd.org
Subject: 8-STABLE base BIND version number typo ?
Message-ID: <CAE63ME4uJ%2Bq2q3h-NSJOKxqMynZ32v%2BrhT04WCNchCjYRUt0Hw@mail.gmail.com>
Hello list,

We're currently running Nessus PCI DSS scans on our infrastructure to eliminate known vulnerabilities and problems.

The scan reports that my version of BIND is vulnerable to exploits I *know* it isn't.

The problem, to me, seems to be with the version number as reported by named -V :

BIND 9.6.-ESV-R7-P2 built with '--prefix=/usr' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--enable-threads' '--enable-getifaddrs' '--disable-linux-caps' '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn' '--without-libxml2'

(notice the .- notation)

This is the base's BIND running on 8.3-STABLE 64 bits compiled and built on 22/08/12 :

FreeBSD pf1-dmz-gs.[snip] 8.3-STABLE FreeBSD 8.3-STABLE #2: Wed Aug 22 10:41:47 CEST 2012

I have verified that building the exact same version from the ports, at /usr/ports/dns/bind96, yields the correct version number and the vulnerabilities are no longer reported by the scan, which uses BIND's version number as a reference.

Has anyone else noticed the same oddity, that I might file a PR ?
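A check an operator could run before trusting a banner-based scan result, as an added example that is not part of the original message: it validates the version token from `named -V` against a release-string grammar and reports where the token stops matching. The grammar, the function names and the dot-less comparison string are assumptions made for this example.

```python
import re

# Assumed grammar for BIND 9 release strings: major.minor[.patch][-ESV][-Rn][-Pn].
# It is inferred from the string quoted in the message, not taken from ISC.
TOKEN_RE = re.compile(
    r"(?P<major>\d+)\.(?P<minor>\d+)(?:\.(?P<patch>\d+))?"
    r"(?P<esv>-ESV)?(?:-R(?P<rel>\d+))?(?:-P(?P<pl>\d+))?"
)


def version_token(named_v_output):
    """Return the token after 'BIND' on the first line of `named -V` output."""
    words = named_v_output.splitlines()[0].split()
    if len(words) < 2 or words[0] != "BIND":
        raise ValueError("not a named -V banner")
    return words[1]


def check_version(token):
    """Parse a version token; report where it stops matching the grammar."""
    m = TOKEN_RE.match(token)
    end = m.end() if m else 0
    if end != len(token):
        # Anything left over means the banner is malformed and a tool that
        # keys on the version string cannot be expected to classify it.
        return {"well_formed": False, "bad_offset": end,
                "unparsed": token[end:], "version": None}
    g = m.groupdict()
    version = (int(g["major"]), int(g["minor"]), int(g["patch"] or 0),
               int(g["rel"] or 0), int(g["pl"] or 0))
    return {"well_formed": True, "bad_offset": None,
            "unparsed": "", "version": version}


# Banner quoted in the message (configure arguments shortened here).
BASE_BANNER = "BIND 9.6.-ESV-R7-P2 built with '--prefix=/usr'"
# Constructed for comparison: the same string without the stray dot.
CLEAN_BANNER = "BIND 9.6-ESV-R7-P2 built with '--prefix=/usr'"

if __name__ == "__main__":
    for banner in (BASE_BANNER, CLEAN_BANNER):
        token = version_token(banner)
        print(token, check_version(token))
```

A malformed result is a reason to confirm the installed patch level from the source tree or package database rather than from the banner.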