CVE-2008-1391 - Multiple BSD Platforms "strfmon()" Function Integer Overflow
- To: freebsd-security_(_at_)_freebsd_(_dot_)_org
- Subject: CVE-2008-1391 - Multiple BSD Platforms "strfmon()" Function Integer Overflow
- From: stheg olloydson <stheg_olloydson_(_at_)_yahoo_(_dot_)_com>
- Date: Sun, 6 Apr 2008 12:47:11 -0700 (PDT)
Hello,
According to the information at mitre.org, both 6.x and 7.0 are
vulnerable. I see in NetBSD's CVS log for
src/lib/libc/stdlib/strfmon.c, they have patched this on March
27.
Looking at FreeBSD's CVS log at
http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libc/stdlib/strfmon.c
shows that no changes have been made since Mon Sep 12, 2005.
Is our strfmon() not vulnerable as reported?
stheg