From owner-freebsd-security  Thu Sep 28 12:31:37 1995
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id MAA26422
          for security-outgoing; Thu, 28 Sep 1995 12:31:37 -0700
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.34])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id MAA26410
          for <security@freebsd.org>; Thu, 28 Sep 1995 12:31:30 -0700
Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id FAA20687; Fri, 29 Sep 1995 05:28:06 +1000
Date: Fri, 29 Sep 1995 05:28:06 +1000
From: Bruce Evans <bde@zeta.org.au>
Message-Id: <199509281928.FAA20687@godzilla.zeta.org.au>
To: pst@cisco.com, wollman@lcs.mit.edu
Subject: Re: are we affected?
Cc: security@freebsd.org
Sender: owner-security@freebsd.org
Precedence: bulk

>> The vulnerability affects lsof revisions 3.18 through 3.43, installed
>> on these UNIX dialects:

>Not unless you decide to install an old version of the `lsof' program.

The damage is limited mainly by lsof not being a port.  I have
lsof_3.31, which is quite recent (June 17).   This version doesn't quite
compile under 2.0.5 (the queue macros rename some variables and hide the
queue internals).

Bruce