Subject: Re: Strange statement
To: Greg Wohletz <firstname.lastname@example.org>
From: Jason Thorpe <email@example.com>
Date: 02/13/1998 15:04:43
On Fri, 13 Feb 1998 14:43:00 -0800
Greg Wohletz <greg@duke.CS.UNLV.EDU> wrote:
> The NetBSD project
> NetBSD is not vulnerable to the statd buffer overflow. It does not ship
> with NFS locking programs (statd/lockd).
> What exactly does this mean? My netbsd 1.3 systems certainly all have
> lockd/statd. Are they vunerable to this buffer overrun bug or not?
As of the latest release at the time the announcement was made, NetBSD
did not have statd/lockd. The statd/lockd that NetBSD 1.3 ships with
are NOT vulnerable to the overflow described in the report.
Jason R. Thorpe firstname.lastname@example.org
NASA Ames Research Center Home: +1 408 866 1912
NAS: M/S 258-5 Work: +1 650 604 0935
Moffett Field, CA 94035 Pager: +1 415 428 6939