On 27 August 2012 10:11, Damien Fleuriot <m...@my.gd> wrote: > Hello list, > > > > We're currently running Nessus PCI DSS scans on our infrastructure to > eliminate known vulnerabilities and problems. > > The scan reports that my version of BIND is vulnerable to exploits I > *know* it isn't. > > The problem, to me, seems to be with the version number as reported by > named -V : > BIND 9.6.-ESV-R7-P2 built with '--prefix=/usr' > '--infodir=/usr/share/info' '--mandir=/usr/share/man' > '--enable-threads' '--enable-getifaddrs' '--disable-linux-caps' > '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn' > '--without-libxml2' > > (notice the .- notation) > > > This is the base's BIND running on 8.3-STABLE 64 bits compiled and > built on 22/08/12 : > FreeBSD pf1-dmz-gs.[snip] 8.3-STABLE FreeBSD 8.3-STABLE #2: Wed Aug 22 > 10:41:47 CEST 2012 > > > I have verified that building the exact same version from the ports, > at /usr/ports/dns/bind96 yields the correct version number and the > vulnerabilities are no longer reported by the scan, which uses BIND's > version number as a reference. > > > > Has anyone else noticed the same oddity, that I might fill a PR ?
Hello list, I seem to have seen no replies. Would anyone kindly confirm they've got the same problem so we can get a PR filled ? _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"