FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-22 18:21:47 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
1e1421f0-8d6f-11e0-89b4-001ec9578670	BIND -- Large RRSIG RRsets and Negative Caching DoS ISC reports: A BIND 9 DNS server set up to be a caching resolver is vulnerable to a user querying a domain with very large resource record sets (RRSets) when trying to negatively cache a response. This can cause the BIND 9 DNS server (named process) to crash. Discovery 2011-05-26 Entry 2011-06-04 Modified 2016-08-09 bind9-sdb-ldap bind9-sdb-postgresql < 9.4.3.4 bind96 < 9.6.3.1.ESV.R4.1 bind97 < 9.7.3.1 bind98 < 9.8.0.2 FreeBSD ge 7.3 lt 7.3_6 ge 7.4 lt 7.4_2 ge 8.1 lt 8.1_4 ge 8.2 lt 8.2_2 CVE-2011-1910 SA-11:02.bind http://www.isc.org/software/bind/advisories/cve-2011-1910
83725c91-7c7e-11de-9672-00e0815b8da8	BIND -- Dynamic update message remote DoS Problem Description: When named(8) receives a specially crafted dynamic update message an internal assertion check is triggered which causes named(8) to exit. To trigger the problem, the dynamic update message must contains a record of type "ANY" and at least one resource record set (RRset) for this fully qualified domain name (FQDN) must exist on the server. Impact: An attacker which can send DNS requests to a nameserver can cause it to exit, thus creating a Denial of Service situation. Workaround: No generally applicable workaround is available, but some firewalls may be able to prevent nsupdate DNS packets from reaching the nameserver. NOTE WELL: Merely configuring named(8) to ignore dynamic updates is NOT sufficient to protect it from this vulnerability. Discovery 2009-07-28 Entry 2009-08-01 Modified 2009-08-04 bind9 < 9.3.6.1.1 bind9-sdb-postgresql bind9-sdb-ldap < 9.4.3.3 FreeBSD ge 6.3 lt 6.3_12 ge 6.4 lt 6.4_6 ge 7.1 lt 7.1_7 ge 7.2 lt 7.2_3 CVE-2009-0696 SA-09:12.bind http://www.kb.cert.org/vuls/id/725188 https://www.isc.org/node/474

VuXML ID

Description

1e1421f0-8d6f-11e0-89b4-001ec9578670

BIND -- Large RRSIG RRsets and Negative Caching DoS

ISC reports:

A BIND 9 DNS server set up to be a caching resolver is vulnerable to a user querying a domain with very large resource record sets (RRSets) when trying to negatively cache a response. This can cause the BIND 9 DNS server (named process) to crash.

Discovery 2011-05-26
Entry 2011-06-04
Modified 2016-08-09
bind9-sdb-ldap
bind9-sdb-postgresql

< 9.4.3.4

bind96

< 9.6.3.1.ESV.R4.1

bind97

< 9.7.3.1

bind98

< 9.8.0.2

FreeBSD

ge 7.3 lt 7.3_6

ge 7.4 lt 7.4_2

ge 8.1 lt 8.1_4

ge 8.2 lt 8.2_2

CVE-2011-1910
SA-11:02.bind
http://www.isc.org/software/bind/advisories/cve-2011-1910

83725c91-7c7e-11de-9672-00e0815b8da8

BIND -- Dynamic update message remote DoS

Problem Description:

When named(8) receives a specially crafted dynamic update message an internal assertion check is triggered which causes named(8) to exit.

To trigger the problem, the dynamic update message must contains a record of type "ANY" and at least one resource record set (RRset) for this fully qualified domain name (FQDN) must exist on the server.

Impact:

An attacker which can send DNS requests to a nameserver can cause it to exit, thus creating a Denial of Service situation.

Workaround:

No generally applicable workaround is available, but some firewalls may be able to prevent nsupdate DNS packets from reaching the nameserver.

NOTE WELL: Merely configuring named(8) to ignore dynamic updates is NOT sufficient to protect it from this vulnerability.

Discovery 2009-07-28
Entry 2009-08-01
Modified 2009-08-04
bind9

< 9.3.6.1.1

bind9-sdb-postgresql
bind9-sdb-ldap

< 9.4.3.3

FreeBSD

ge 6.3 lt 6.3_12

ge 6.4 lt 6.4_6

ge 7.1 lt 7.1_7

ge 7.2 lt 7.2_3

CVE-2009-0696
SA-09:12.bind
http://www.kb.cert.org/vuls/id/725188
https://www.isc.org/node/474