current-users: Re: Strange statement

Subject: Re: Strange statement
To: Greg Wohletz <greg@duke.cs.unlv.edu>
From: Jason Thorpe <thorpej@nas.nasa.gov>
List: current-users
Date: 02/13/1998 15:04:43

On Fri, 13 Feb 1998 14:43:00 -0800 
 Greg Wohletz <greg@duke.CS.UNLV.EDU> wrote:

 > From:
 > 
 > http://www.cert.org/pub/advisories/CA-97.26.statd.html
 > 
 > 
 > The NetBSD project
 > 
 > NetBSD is not vulnerable to the statd buffer overflow. It does not ship
 > with NFS locking programs (statd/lockd).
 > 
 > 
 > 
 > What exactly does this mean?  My netbsd 1.3 systems certainly all have
 > lockd/statd.  Are they vunerable to this buffer overrun bug or not?

As of the latest release at the time the announcement was made, NetBSD
did not have statd/lockd.  The statd/lockd that NetBSD 1.3 ships with
are NOT vulnerable to the overflow described in the report.

Jason R. Thorpe                                       thorpej@nas.nasa.gov
NASA Ames Research Center                            Home: +1 408 866 1912
NAS: M/S 258-5                                       Work: +1 650 604 0935
Moffett Field, CA 94035                             Pager: +1 415 428 6939