From owner-freebsd-security  Tue Nov  3 21:30:04 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id VAA21032
          for freebsd-security-outgoing; Tue, 3 Nov 1998 21:30:04 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from banshee.cs.uow.edu.au (banshee.cs.uow.edu.au [130.130.188.1])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA21015
          for <FreeBSD-security@FreeBSD.ORG>; Tue, 3 Nov 1998 21:30:00 -0800 (PST)
          (envelope-from ncb05@banshee.cs.uow.edu.au)
Received: (from ncb05@localhost)
	by banshee.cs.uow.edu.au (8.9.1a/8.9.1) id QAA25905;
	Wed, 4 Nov 1998 16:29:40 +1100 (EST)
Date: Wed, 4 Nov 1998 16:29:40 +1100 (EST)
From: Nicholas Charles Brawn <ncb05@uow.edu.au>
X-Sender: ncb05@banshee.cs.uow.edu.au
To: Warner Losh <imp@village.org>
cc: FreeBSD-security@FreeBSD.ORG
Subject: Re: [rootshell] Security Bulletin #25 (fwd) 
In-Reply-To: <199811040437.VAA26480@harmony.village.org>
Message-ID: <Pine.SOL.4.02A.9811041627410.24210-100000@banshee.cs.uow.edu.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Well I just grabbed 1.2.26 and did: 
find . -exec grep sprintf {} \; |wc -l 

And came up with 138 lines. Just having sprintf() in your code is not
indicative of a vulnerability, but it's still a high number.

Nick

--
Email: ncb05@uow.edu.au - http://rabble.uow.edu.au/~nick
Key fingerprint =  DE 30 33 D3 16 91 C8 8D  A7 F8 70 03 B7 77 1A 2A



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message