Subject: Re: Strange statement
To: Jason Thorpe <firstname.lastname@example.org>
From: Bill Studenmund <email@example.com>
Date: 02/13/1998 15:29:27
On Fri, 13 Feb 1998, Jason Thorpe wrote:
> On Fri, 13 Feb 1998 14:43:00 -0800
> Greg Wohletz <greg@duke.CS.UNLV.EDU> wrote:
> > From:
> > http://www.cert.org/pub/advisories/CA-97.26.statd.html
> > The NetBSD project
> > NetBSD is not vulnerable to the statd buffer overflow. It does not ship
> > with NFS locking programs (statd/lockd).
> > What exactly does this mean? My netbsd 1.3 systems certainly all have
> > lockd/statd. Are they vunerable to this buffer overrun bug or not?
> As of the latest release at the time the announcement was made, NetBSD
> did not have statd/lockd. The statd/lockd that NetBSD 1.3 ships with
> are NOT vulnerable to the overflow described in the report.
Could we amend the statement to reflect 1.3's shipping with a NOT