Date:      Mon, 13 May 2002 09:18:59 +0200
From:      "Carroll, D. (Danny)" <Danny.Carroll@mail.ing.nl>
To:        <security@freebsd.org>
Subject:   RE: DHCPD bug
Message-ID:  <6C506EA550443D44A061432F1E92EA4C012DBA@ing.com>

As a little aside, whilst reading the CERT advisory I noticed that
NetBSD is not vulnerable because: "NetBSD fixed this during a format
string sweep performed on 11-Oct-2000. No released version of NetBSD is
vulnerable to this issue."

Nice and prudent.  Is there any reason why this would be difficult to do
in the FreeBSD source / Ports source??

I don't know a hell of a lot about buffer over-runs but the patch passes
("%s", ptr) rather than simply (ptr)...  If the fix for most over-runs
is this simple then this task should be easy to do.  At least it might
be easy to identify potential issues.

-D
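
The two call forms mentioned in the message, as an added example that is not part of the original e-mail or of the dhcpd patch. `log_fixed` and `args_consumed` are hypothetical names, the sample string is constructed, and the counter is a simplified scan that shows how many arguments the `(ptr)` form would try to fetch when none were passed.

```c
#include <stdio.h>
#include <string.h>

/* Count the arguments a printf-style function would try to fetch if `s`
 * were used as its format string. "%%" is a literal percent and fetches
 * nothing; each '*' width or precision fetches one extra int.
 * Simplified: positional forms such as "%1$d" are not handled. */
static int args_consumed(const char *s)
{
    int n = 0;
    while ((s = strchr(s, '%')) != NULL) {
        s++;
        if (*s == '%') { s++; continue; }      /* escaped percent */
        /* skip flags, width, precision and length modifiers */
        while (*s && strchr("-+ #0123456789.*hlLqjzt", *s)) {
            if (*s == '*')
                n++;
            s++;
        }
        if (*s == '\0')
            break;                             /* truncated directive */
        n++;                                   /* the conversion itself */
        s++;
    }
    return n;
}

/* Unsafe form, shown only as a comment:
 *     snprintf(out, outlen, untrusted);
 * Here the untrusted text is parsed as the format string.
 *
 * Hardened form: the untrusted text is an argument to a constant "%s"
 * format, so it is copied and never parsed. */
static int log_fixed(char *out, size_t outlen, const char *untrusted)
{
    return snprintf(out, outlen, "%s", untrusted);
}

int main(void)
{
    /* Constructed sample: text an untrusted peer might supply. */
    const char *sample = "host%x.%x.%n";
    char buf[64];

    log_fixed(buf, sizeof buf, sample);
    printf("logged verbatim: %s\n", buf);
    printf("args the unsafe form would fetch: %d\n", args_consumed(sample));
    return 0;
}
```

For a source-wide sweep, GCC and Clang report calls whose format is not a string literal and that pass no arguments when built with `-Wformat -Wformat-security`.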
