Date: Thu, 20 Mar 2003 02:41:53 +0100
From: cube
To: Mike Tancsa
Cc: security@FreeBSD.org
Subject: Re: Fwd: EEYE: XDR Integer Overflow
Message-Id: <20030320024153.3b54e5c2.freebsd@quatriemek.com>
In-Reply-To: <5.2.0.9.0.20030319170809.082d2c98@marble.sentex.ca>
References: <5.2.0.9.0.20030319155420.080cbab8@marble.sentex.ca> <5.2.0.9.0.20030319170809.082d2c98@marble.sentex.ca>

On Wed, 19 Mar 2003 17:13:06 -0500
Mike Tancsa wrote:

> NetBSD is not vulnerable due to, "The length types of the various
> xdr*_getbytes functions were made consistent somewhere back in 1997 (all
> u_int), so we're not vulnerable in that area."
>
> However, FreeBSD still seems to have the above as an int as well. So it
> appears to be vulnerable ?

About the NetBSD bit, Christos Zoulas checked in similar modifications a
few days ago.

-- 
Quentin Garnier - cube@cubidou.net
"Feels like I'm fiddling while Rome is burning down.
Should I lay my fiddle down and take a rifle from the ground ?"
Leigh Nash/Sixpence None The Richer, Paralyzed, Divine Discontents, 2002.
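
Why the length type matters in a getbytes-style bounds check, as an added illustration that is not part of the original message and is not FreeBSD's or NetBSD's XDR code. The names struct memstream, check_signed, check_unsigned, getbytes and demo_mismatch are hypothetical, and the buffer and length are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical in-memory decode stream (illustrative, not libc's XDR). */
struct memstream {
    const unsigned char *pos;  /* next unread byte */
    unsigned int left;         /* bytes remaining in the buffer */
};

/* Weak check: the length is held as a signed int, so a wire value of
 * 0xFFFFFFFF becomes -1 on common platforms and looks "small enough". */
static bool check_signed(const struct memstream *s, int len)
{
    return len <= (int)s->left;
}

/* Consistent check: length and remaining count are both unsigned. */
static bool check_unsigned(const struct memstream *s, unsigned int len)
{
    return len <= s->left;
}

/* Bounded read built on the unsigned check; copies only on success. */
static bool getbytes(struct memstream *s, unsigned char *dst, unsigned int len)
{
    if (!check_unsigned(s, len))
        return false;
    memcpy(dst, s->pos, len);
    s->pos += len;
    s->left -= len;
    return true;
}

/* Returns 1 when the signed check accepts a length the unsigned one rejects. */
int demo_mismatch(void)
{
    static const unsigned char buf[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */
    struct memstream s = { buf, sizeof buf };
    unsigned int wire_len = 0xFFFFFFFFu;   /* constructed oversized length */
    unsigned char out[8];
    /* Only the checks are compared for the bad length; no copy is attempted. */
    return check_signed(&s, (int)wire_len) && !getbytes(&s, out, wire_len);
}

int main(void)
{
    printf("signed check fooled, unsigned check holds: %d\n", demo_mismatch());
    return 0;
}
```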