Date: Thu, 20 Mar 2003 02:41:53 +0100
From: cube <freebsd@quatriemek.com>
To: Mike Tancsa <mike@sentex.net>
Cc: security@FreeBSD.org
Subject: Re: Fwd: EEYE: XDR Integer Overflow
Message-ID: <20030320024153.3b54e5c2.freebsd@quatriemek.com>
In-Reply-To: <5.2.0.9.0.20030319170809.082d2c98@marble.sentex.ca>
References: <5.2.0.9.0.20030319155420.080cbab8@marble.sentex.ca> <5.2.0.9.0.20030319170809.082d2c98@marble.sentex.ca>

On Wed, 19 Mar 2003 17:13:06 -0500, Mike Tancsa wrote:

> NetBSD is not vulnerable due to, "The length types of the various
> xdr*_getbytes functions were made consistent somewhere back in 1997 (all
> u_int), so we're not vulnerable in that area."
>
> However, FreeBSD still seems to have the above as an int as well. So it
> appears to be vulnerable ?

About the NetBSD bit, Christos Zoulas checked in similar modifications a
few days ago.

-- 
Quentin Garnier - cube@cubidou.net
"Feels like I'm fiddling while Rome is burning down.
Should I lay my fiddle down and take a rifle from the ground ?"
Leigh Nash/Sixpence None The Richer, Paralyzed, Divine Discontents, 2002.