Subject: Re: CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library
To: None <firstname.lastname@example.org>
From: Jeremy C. Reed <email@example.com>
Date: 03/24/2003 11:37:41
On Wed, 19 Mar 2003, CERT Advisory wrote:
> The length types of the various xdr*_getbytes functions were made
> consistent somewhere back in 1997 (all u_int), so we're not vulnerable
> in that area.
Does this mean NetBSD is not vulnerable at all to this CERT Advisory
CA-2003-10 Integer overflow in Sun RPC XDR library routines?
The xdr_mem.c fix mentions "overflow, and then overwrite valid memory."
Is this related? (Is this another advisory?)
Jeremy C. Reed