Subject: Re: CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library
To: Christos Zoulas <>
From: Jeremy C. Reed <>
List: tech-security
Date: 03/24/2003 13:21:11
On Mon, 24 Mar 2003, Christos Zoulas wrote:

> >Does this mean NetBSD is not vulernable at all to this CERT Advisory
> >CA-2003-10 Integer overflow in Sun RPC XDR library routines?
> We were vulnerable, but in a slightly different attack. All fixes have
> been applied to current, and pulled up to 1.6.x and 1.5.x.

I saw the fixes. (I understand that this is also different from NetBSD
Security Advisory 2002-011.)

Does anyone know if there is an official (non-NetBSD) advisory for this?

Any URLs? (I think this is different than CAN-2003-0028.)

Will NetBSD be announcing an advisory?


   Jeremy C. Reed