From owner-freebsd-security  Sun Apr 27 18:15:15 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id SAA10146
          for security-outgoing; Sun, 27 Apr 1997 18:15:15 -0700 (PDT)
Received: from rover.village.org (rover.village.org [204.144.255.49])
          by hub.freebsd.org (8.8.5/8.8.5) with SMTP id SAA10138
          for <freebsd-security@freebsd.org>; Sun, 27 Apr 1997 18:15:12 -0700 (PDT)
Received: from rover.village.org [127.0.0.1] 
	by rover.village.org with esmtp (Exim 1.60 #1)
	id 0wLf1v-00070G-00; Sun, 27 Apr 1997 19:15:00 -0600
To: Dmitry Valdov <dv@kis.ru>
Subject: Re: SNI-12: BIND Vulnerabilities and Solutions (fwd) 
Cc: freebsd-security@freebsd.org
In-reply-to: Your message of "Tue, 22 Apr 1997 23:13:57 +0400."
		<Pine.BSF.3.95q.970422231144.12297A-100000@xkis.kis.ru> 
References: <Pine.BSF.3.95q.970422231144.12297A-100000@xkis.kis.ru>  
Date: Sun, 27 Apr 1997 19:14:59 -0600
From: Warner Losh <imp@village.org>
Message-Id: <E0wLf1v-00070G-00@rover.village.org>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In message <Pine.BSF.3.95q.970422231144.12297A-100000@xkis.kis.ru> Dmitry Valdov writes:
: Is fbsd 2.2.1 vulnerable? If yes are there any patches available specially
: for FreeBSD?

Generally, FreeBSD is vulnerable to the predictable sequence numbers,
but not to the buffer overflow.  I'm relatively sure that all the
setuid programs have been fixed.  I'm less certain that all of the
places in the tree have been fixed, however.

Warner