Subject: Re: CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library
To: Jeremy C. Reed <email@example.com>
From: Christos Zoulas <firstname.lastname@example.org>
Date: 03/24/2003 16:24:34
On Mar 24, 1:21pm, email@example.com ("Jeremy C. Reed") wrote:
-- Subject: Re: CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR libr
| On Mon, 24 Mar 2003, Christos Zoulas wrote:
| > >Does this mean NetBSD is not vulnerable at all to this CERT Advisory
| > >CA-2003-10 Integer overflow in Sun RPC XDR library routines?
| > We were vulnerable, but in a slightly different attack. All fixes have
| > been applied to current, and pulled up to 1.6.x and 1.5.x.
| I saw the fixes. (I understand that this is also different from NetBSD
| Security Advisory 2002-011.)
| Does anyone know if there is an official (non-NetBSD) advisory for this?
There is one created:
SA2003-008 faulty length checks in xdrmem_getbytes
and it will be posted when it is ready.
| Any URLs? (I think this is different than CAN-2003-0028.)
| Will NetBSD be announcing an advisory?
| Jeremy C. Reed