From owner-freebsd-security  Thu Sep  7  2:47:30 2000
Delivered-To: freebsd-security@freebsd.org
Received: from columbus.cris.net (columbus.cris.net [212.110.128.65])
	by hub.freebsd.org (Postfix) with ESMTP id 15FCB37B423
	for <security@freeBSD.org>; Thu,  7 Sep 2000 02:47:27 -0700 (PDT)
Received: from ark.cris.net (ark.cris.net [212.110.128.68])
	by columbus.cris.net (8.9.3/8.9.3) with ESMTP id MAA73102;
	Thu, 7 Sep 2000 12:47:08 +0300 (EEST)
Received: (from phantom@localhost)
	by ark.cris.net (8.9.3/8.9.3) id MAA31262;
	Thu, 7 Sep 2000 12:46:52 +0300 (EEST)
	(envelope-from phantom)
Date: Thu, 7 Sep 2000 12:46:52 +0300
From: Alexey Zelkin <phantom@ark.cris.net>
To: Paul Herman <pherman@frenchfries.net>
Cc: security@freeBSD.org
Subject: Re: UNIX locale format string vulnerability (fwd)
Message-ID: <20000907124652.A30896@ark.cris.net>
References: <20000907104925.A37872@mithrandr.moria.org> <Pine.BSF.4.21.0009071114230.354-100000@bagabeedaboo.security.at12.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <Pine.BSF.4.21.0009071114230.354-100000@bagabeedaboo.security.at12.de>; from pherman@frenchfries.net on Thu, Sep 07, 2000 at 11:22:10AM +0200
X-Operating-System: FreeBSD 3.5-STABLE i386
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

hi,

On Thu, Sep 07, 2000 at 11:22:10AM +0200, Paul Herman wrote:
 
> I've been following freebsd-security, but I haven't seen any
> confirmation one way or the other (except for linux binaries mentioned
> in this thread.)  Kris, is FreeBSD itself vulnerable to the locale
> vuln.?

Please read original post more carefully. It contains an answer (BTW, exactly
from Kris)

-- 
/* Alexey Zelkin               && phantom@cris.net       */
/* Tavric National University  && phantom@FreeBSD.org    */
/* Sysadmin/Developer          && phantom@sms.umc.com.ua */


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message