Date: Mon, 31 Mar 2008 16:30:47 -0400
From: Gerard <gerard@seibercom.net>
To: freebsd-questions@freebsd.org
Subject: US-CERT Warning
Message-ID: <20080331163047.3647afb5@scorpio>

It seems that US-Cert has issued a 'High Vulnerability' warning regarding FreeBSD. This is the URL:

http://www.us-cert.gov/cas/bulletins/SB08-091.html

A snippet of the warning:

Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.

-- 
Gerard
gerard@seibercom.net

Sleep -- the most beautiful experience in life -- except drink.

W.C. Fields
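
The bug class named in the quoted bulletin (a decimal field in a format string accumulated into an integer with no range check) is shown here next to a checked version, as an added example that is not part of the original message and is not FreeBSD's libc code. The function names and sample strings are constructed for illustration.

```c
#include <ctype.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked accumulation of a decimal field. uint32_t is used so the
 * wraparound is well-defined here; with a signed int it would be
 * undefined behaviour. */
static uint32_t parse_unchecked(const char **fmt)
{
    uint32_t v = 0;
    while (isdigit((unsigned char)**fmt)) {
        v = v * 10 + (uint32_t)(**fmt - '0');
        (*fmt)++;
    }
    return v;
}

/* Checked accumulation: reject the field before v * 10 + d could exceed
 * INT_MAX. Returns 0 on success, -1 if the field is too large. */
static int parse_checked(const char **fmt, int *out)
{
    int v = 0;
    while (isdigit((unsigned char)**fmt)) {
        int d = **fmt - '0';
        if (v > (INT_MAX - d) / 10)
            return -1;              /* caller should fail, e.g. with E2BIG */
        v = v * 10 + d;
        (*fmt)++;
    }
    *out = v;
    return 0;
}

int main(void)
{
    /* Constructed sample: 2^32 + 1 written as a field width. */
    const char *p = "4294967297", *q = "4294967297";
    int width = 0;

    printf("unchecked: %u\n", (unsigned)parse_unchecked(&p));
    if (parse_checked(&q, &width) != 0)
        printf("checked: field rejected\n");
    return 0;
}
```

The unchecked parser silently turns an oversized field into a small number that later size calculations would trust, while the checked one stops at the first digit that would not fit.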