FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-18 05:51:40 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
83725c91-7c7e-11de-9672-00e0815b8da8	BIND -- Dynamic update message remote DoS Problem Description: When named(8) receives a specially crafted dynamic update message an internal assertion check is triggered which causes named(8) to exit. To trigger the problem, the dynamic update message must contains a record of type "ANY" and at least one resource record set (RRset) for this fully qualified domain name (FQDN) must exist on the server. Impact: An attacker which can send DNS requests to a nameserver can cause it to exit, thus creating a Denial of Service situation. Workaround: No generally applicable workaround is available, but some firewalls may be able to prevent nsupdate DNS packets from reaching the nameserver. NOTE WELL: Merely configuring named(8) to ignore dynamic updates is NOT sufficient to protect it from this vulnerability. Discovery 2009-07-28 Entry 2009-08-01 Modified 2009-08-04 bind9 < 9.3.6.1.1 bind9-sdb-postgresql bind9-sdb-ldap < 9.4.3.3 FreeBSD >= 6.3 lt 6.3_12 >= 6.4 lt 6.4_6 >= 7.1 lt 7.1_7 >= 7.2 lt 7.2_3 CVE-2009-0696 SA-09:12.bind http://www.kb.cert.org/vuls/id/725188 https://www.isc.org/node/474

VuXML ID

Description

83725c91-7c7e-11de-9672-00e0815b8da8

BIND -- Dynamic update message remote DoS

Problem Description:

When named(8) receives a specially crafted dynamic update message an internal assertion check is triggered which causes named(8) to exit.

To trigger the problem, the dynamic update message must contains a record of type "ANY" and at least one resource record set (RRset) for this fully qualified domain name (FQDN) must exist on the server.

Impact:

An attacker which can send DNS requests to a nameserver can cause it to exit, thus creating a Denial of Service situation.

Workaround:

No generally applicable workaround is available, but some firewalls may be able to prevent nsupdate DNS packets from reaching the nameserver.

NOTE WELL: Merely configuring named(8) to ignore dynamic updates is NOT sufficient to protect it from this vulnerability.

Discovery 2009-07-28
Entry 2009-08-01
Modified 2009-08-04
bind9

< 9.3.6.1.1

bind9-sdb-postgresql
bind9-sdb-ldap

< 9.4.3.3

FreeBSD

>= 6.3 lt 6.3_12

>= 6.4 lt 6.4_6

>= 7.1 lt 7.1_7

>= 7.2 lt 7.2_3

CVE-2009-0696
SA-09:12.bind
http://www.kb.cert.org/vuls/id/725188
https://www.isc.org/node/474