Subject: Re: CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library
To: Christos Zoulas <christos@zoulas.com>
From: Jeremy C. Reed <reed@reedmedia.net>
List: tech-security
Date: 03/24/2003 13:21:11
On Mon, 24 Mar 2003, Christos Zoulas wrote:
> >Does this mean NetBSD is not vulernable at all to this CERT Advisory
> >CA-2003-10 Integer overflow in Sun RPC XDR library routines?
>
> We were vulnerable, but in a slightly different attack. All fixes have
> been applied to current, and pulled up to 1.6.x and 1.5.x.
I saw the fixes. (I understand that this is also different from NetBSD
Security Advisory 2002-011.)
Does anyone know if there is an official (non-NetBSD) advisory for this?
Any URLs? (I think this is different than CAN-2003-0028.)
Will NetBSD be announcing an advisory?
Thanks,
Jeremy C. Reed
http://bsd.reedmedia.net/