Subject: Re: CERT Advisory CA-2003-10 Integer overflow in Sun RPC XDR library
To: None <email@example.com>
From: Jeremy C. Reed <firstname.lastname@example.org>
Date: 03/24/2003 17:13:53
On Mon, 24 Mar 2003, Christos Zoulas wrote:
> There is one created:
> SA2003-008 faulty length checks in xdrmem_getbytes
> and it will be posted when it is ready.
Thanks. I see that FreeBSD already has advisory and OpenBSD has same fixes
(but no advisory). This will help me.
Does anyone know which static binaries use these xdrmem_getlong_aligned(),
xdrmem_putlong_unaligned(), xdrmem_getbytes(), and/or xdrmem_putbytes()
I am guessing that just mount_nfs and umount may possibly use.
I am trying to figure out what other libraries or tools may use that code
(maybe librpcsvc?), by going backwards from these functions that are
changed. This is a little too hard to do manually.
Jeremy C. Reed