CVE-2008-1391 - Multiple BSD Platforms "strfmon()" Function Integer Overflow
    stheg olloydson 
    stheg_olloydson at yahoo.com
       
    Sun Apr  6 20:13:52 UTC 2008
    
    
  
Hello,
According to the information at mitre.org, both 6.x and 7.0 are
vulnerable. I see in NetBSD's CVS log for
src/lib/libc/stdlib/strfmon.c, they have patched this on March
27.
Looking at FreeBSD's CVS log at
http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libc/stdlib/strfmon.c
shows that no changes have been made since Mon Sep 12, 2005.
Is our strfmon() not vulnerable as reported?
stheg 