Date: 24 Oct 1995 02:14:48 +0800
From: peter@haywire.dialix.com (Peter Wemm)
To: freebsd-hackers@freebsd.org
Subject: Re: (fwd) CERT Advisory CA-95:13 - Syslog Vulnerability (with sendmail workaround)
Message-ID: <46gm2o$ikl$1@haywire.DIALix.COM>
References: <9510231408.AA00655@sunny.wup.de>

andreas@sunny.wup.de (Andreas Klemm) writes:

>Hi !
>Do you know this CERT Advisory already ?!
>Strange for me, that a Linux version with a certain libc release
>is 1. proofed by CERT and 2. mentioned to be secure and
>FreeBSD isn't mentioned ..... what does it mean ...
>	a) CERT doesn't test FreeBSD ?
>	b) FreeBSD still has the mentioned security hole ?
>Regards
>	Andreas ///

FreeBSD has fixed the hole, IMHO better than the others, but it used one of the advanced 4.4BSD stdio features to do it more securely (fwopen()/vfprintf() instead of umpteen strlen()/snprintf()).

They covered FreeBSD/NetBSD (not by name) by saying: there are different patches available for other operating systems, but these have not been evaluated by CERT, blah, blah. Both Free/NetBSD did it their own way.

-Peter

>--
>andreas@wup.de         /\/\___      Wiechers & Partner Datentechnik GmbH
>Andreas Klemm       ___/\/\/       - Support Unix -