Date: Mon, 13 May 2002 09:18:59 +0200 From: "Carroll, D. (Danny)" <Danny.Carroll@mail.ing.nl> To: <security@freebsd.org> Subject: RE: DHCPD bug Message-ID: <6C506EA550443D44A061432F1E92EA4C012DBA@ing.com>
next in thread | raw e-mail | index | archive | help
As a little aside, whilst reading the CERT advisory I noticed that NetBSD is not vulernable because: "NetBSD fixed this during a format string sweep performed on 11-Oct-2000. No released version of NetBSD is vulnerable to this issue." Nice and prudent. Is there any reason why this would be difficult to do in the FreeBSD source / Ports source?? I don't know a hell of a lot about buffer over-runs but the patch passes ("%s", ptr) rather than simply (ptr)... If the fix for most over-runs is this simple then this task should be easy to do. At least it might be easy to identify potential issues. -D -----------------------------------------------------------------=0A= ATTENTION:=0A= The information in this electronic mail message is private and=0A= confidential, and only intended for the addressee. Should you=0A= receive this message by mistake, you are hereby notified that=0A= any disclosure, reproduction, distribution or use of this=0A= message is strictly prohibited. Please inform the sender by=0A= reply transmission and delete the message without copying or=0A= opening it.=0A= =0A= Messages and attachments are scanned for all viruses known.=0A= If this message contains password-protected attachments, the=0A= files have NOT been scanned for viruses by the ING mail domain.=0A= Always scan attachments before opening them.=0A= ----------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6C506EA550443D44A061432F1E92EA4C012DBA>