On Mon, 8 Dec 1997, Jason Thorpe wrote:

> On Mon, 8 Dec 1997 16:14:14 -0800 (PST) 
>  Bill Studenmund <skippy@macro.stanford.edu> wrote:
> 
>  > I saw this, and I've been wondering. The answer was that we don't ship
>  > with a statd. But what is /usr/sbin/rpc.statd? It comes up when you do a
>  > man on statd. ??
> 
> Not in our last release... 1.3 will, but it's not vulnerable.

Jason (and Matthew),

Thanks for clearing it up!

Should the CERT advisory response have been worded differently, to mention
that we will have a statd which is safe?

Take care,

Bill