From owner-freebsd-security@FreeBSD.ORG  Sun Apr  6 22:18:45 2008
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0E41B1065676
	for <freebsd-security@freebsd.org>;
	Sun,  6 Apr 2008 22:18:45 +0000 (UTC)
	(envelope-from adrianp@stindustries.net)
Received: from mail.stindustries.net (abe.stindustries.net [216.32.89.252])
	by mx1.freebsd.org (Postfix) with ESMTP id DB1768FC0A
	for <freebsd-security@freebsd.org>;
	Sun,  6 Apr 2008 22:18:44 +0000 (UTC)
	(envelope-from adrianp@stindustries.net)
Received: from ned.stindustries.local (krusty.stindustries.net
	[81.187.204.225])
	by mail.stindustries.net (Postfix) with ESMTPSA id B804716D123;
	Sun,  6 Apr 2008 23:01:30 +0100 (BST)
X-DKIM: Sendmail DKIM Filter v2.5.2 mail.stindustries.net B804716D123
Message-ID: <47F94838.6060105@stindustries.net>
Date: Sun, 06 Apr 2008 23:01:28 +0100
From: Adrian Portelli <adrianp@stindustries.net>
MIME-Version: 1.0
To: "Simon L. Nielsen" <simon@FreeBSD.org>
References: <185727.37681.qm@web32704.mail.mud.yahoo.com>
	<20080406205506.GE1127@FreeBSD.org>
In-Reply-To: <20080406205506.GE1127@FreeBSD.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-security@freebsd.org, stheg olloydson <stheg_olloydson@yahoo.com>
Subject: Re: CVE-2008-1391 - Multiple BSD Platforms "strfmon()" Function 
 Integer Overflow
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Apr 2008 22:18:45 -0000

Simon L. Nielsen wrote:
> On 2008.04.06 12:47:11 -0700, stheg olloydson wrote:
> 
>> According to the information at mitre.org, both 6.x and 7.0 are
>> vulnerable. I see in NetBSD's CVS log for
>> src/lib/libc/stdlib/strfmon.c, they have patched this on March
>> 27.
> 
> Note that the change in NetBSD is possibly incomplete to fix the
> issue.  I'm not sure what the final conclusion was on that.
> 

The final conclusion was a subsequent commit on the 27th:

http://archive.netbsd.se/?ml=netbsd-source-changes&a=2008-03&m=6750722
http://archive.netbsd.se/?ml=netbsd-source-changes&a=2008-03&m=6846592

We're still in the process of getting the changes pulled up.

adrian.