Date: Sun, 6 Apr 2008 12:47:11 -0700 (PDT)
From: stheg olloydson <stheg_olloydson@yahoo.com>
To: freebsd-security@freebsd.org
Subject: CVE-2008-1391 - Multiple BSD Platforms "strfmon()" Function Integer Overflow
Message-ID: <185727.37681.qm@web32704.mail.mud.yahoo.com>

Hello,

According to the information at mitre.org, both 6.x and 7.0 are vulnerable. I see in NetBSD's CVS log for src/lib/libc/stdlib/strfmon.c, they have patched this on March 27. Looking at FreeBSD's CVS log at http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libc/stdlib/strfmon.c shows that no changes have been made since Mon Sep 12, 2005. Is our strfmon() not vulnerable as reported?

stheg