tech-security: Re: CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library

Subject: Re: CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library
To: Christos Zoulas <christos@zoulas.com>
From: Jeremy C. Reed <reed@reedmedia.net>
List: tech-security
Date: 03/24/2003 13:21:11

On Mon, 24 Mar 2003, Christos Zoulas wrote:

> >Does this mean NetBSD is not vulernable at all to this CERT Advisory
> >CA-2003-10 Integer overflow in Sun RPC XDR library routines?
>
> We were vulnerable, but in a slightly different attack. All fixes have
> been applied to current, and pulled up to 1.6.x and 1.5.x.

I saw the fixes. (I understand that this is also different from NetBSD
Security Advisory 2002-011.)

Does anyone know if there is an official (non-NetBSD) advisory for this?

Any URLs? (I think this is different than CAN-2003-0028.)

Will NetBSD be announcing an advisory?

Thanks,

   Jeremy C. Reed
   http://bsd.reedmedia.net/