Date:      Mon, 13 May 2002 09:18:59 +0200
From:      "Carroll, D. (Danny)" <Danny.Carroll@mail.ing.nl>
To:        <security@freebsd.org>
Subject:   RE: DHCPD bug
Message-ID:  <6C506EA550443D44A061432F1E92EA4C012DBA@ing.com>


As a little aside, whilst reading the CERT advisory I noticed that
NetBSD is not vulnerable because: "NetBSD fixed this during a format
string sweep performed on 11-Oct-2000. No released version of NetBSD is
vulnerable to this issue."

Nice and prudent.  Is there any reason why this would be difficult to do
in the FreeBSD source / Ports source??

I don't know a hell of a lot about buffer over-runs but the patch passes
("%s", ptr) rather than simply (ptr)...  If the fix for most over-runs
is this simple then this task should be easy to do.  At least it might
be easy to identify potential issues.

-D
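
Added example, not part of the original message and not FreeBSD or NetBSD tooling: a small C heuristic for the kind of sweep discussed above, flagging printf-family and syslog calls whose format argument is not a string literal (the `(ptr)` form rather than `("%s", ptr)`). The function table, the names and the sample lines are assumptions made for illustration, and only calls written on a single line are handled.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Functions to audit and the zero-based position of their format argument. */
static const struct { const char *name; int fmt_index; } FUNCS[] = {
    {"printf", 0}, {"fprintf", 1}, {"sprintf", 1}, {"snprintf", 2}, {"syslog", 1},
};

/* Return the start of argument number `index` in the text after '(', or NULL. */
static const char *nth_arg(const char *p, int index)
{
    int depth = 0, in_str = 0;
    for (; index > 0 && *p; p++) {
        if (in_str) {
            if (*p == '\\' && p[1]) p++;          /* skip escaped character */
            else if (*p == '"') in_str = 0;
        } else if (*p == '"') in_str = 1;
        else if (*p == '(') depth++;
        else if (*p == ')' && depth-- == 0) return NULL;  /* call ended early */
        else if (*p == ',' && depth == 0) index--;
    }
    while (isspace((unsigned char)*p)) p++;
    return (*p && *p != ')') ? p : NULL;
}

/* 1 if `line` passes something other than a string literal as the format. */
int nonliteral_format(const char *line)
{
    for (size_t i = 0; i < sizeof FUNCS / sizeof FUNCS[0]; i++) {
        size_t n = strlen(FUNCS[i].name);
        for (const char *p = line; (p = strstr(p, FUNCS[i].name)); p += n) {
            /* Skip matches inside a longer name, e.g. "printf" in "snprintf". */
            if (p > line && (isalnum((unsigned char)p[-1]) || p[-1] == '_')) continue;
            const char *q = p + n;
            while (isspace((unsigned char)*q)) q++;
            if (*q != '(') continue;
            const char *arg = nth_arg(q + 1, FUNCS[i].fmt_index);
            if (arg && *arg != '"') return 1;
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed sample lines, not taken from dhcpd or the FreeBSD tree. */
    const char *l[] = { "syslog(LOG_ERR, ptr);", "syslog(LOG_ERR, \"%s\", ptr);" };
    for (int i = 0; i < 2; i++)
        printf("%-5s %s\n", nonliteral_format(l[i]) ? "CHECK" : "ok", l[i]);
}
```

A hit only means the call needs review, since a non-literal format is harmless when the string cannot be influenced by input. GCC and Clang perform a parsed-code version of this check with `-Wformat -Wformat-security`.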