US-CERT Warning

Gerard gerard at
Mon Mar 31 13:31:10 PDT 2008

It seems that US-CERT has issued a 'High Vulnerability' warning regarding
FreeBSD. This is the URL:

A snippet of the warning:

Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x,
and probably other BSD and Apple Mac OS platforms allow
context-dependent attackers to execute arbitrary code via large values
of certain integer fields in the format argument to (1) the strfmon
function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro;
and (2) the printf function, related to left_prec and right_prec.

gerard at

Sleep -- the most beautiful experience in life -- except drink.

	W.C. Fields
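
The bug class named in the quoted advisory is a decimal field read from a format string and accumulated into an integer with no range check. The following is an added illustration, not part of the original post and not the libc source; all function names are hypothetical, and the unchecked version uses `uint32_t` so that the wraparound is well defined.

```c
#include <ctype.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked: digits are accumulated with no range test. uint32_t is used
 * so the wraparound is well defined here; with a plain int it is undefined. */
static int parse_unchecked(const char **fmt)
{
    uint32_t v = 0;
    while (isdigit((unsigned char)**fmt)) {
        v = v * 10u + (uint32_t)(**fmt - '0');
        (*fmt)++;
    }
    return (int)v;      /* for large inputs, not the number that was written */
}

/* Checked: refuses any value that would not fit in an int.
 * Returns 0 and stores the value in *out, or -1 on overflow. */
static int parse_checked(const char **fmt, int *out)
{
    int v = 0;
    while (isdigit((unsigned char)**fmt)) {
        int d = **fmt - '0';
        if (v > (INT_MAX - d) / 10)
            return -1;          /* v * 10 + d would exceed INT_MAX */
        v = v * 10 + d;
        (*fmt)++;
    }
    *out = v;
    return 0;
}

/* Convenience wrappers; -1 from field_checked() means "rejected". */
static int field_unchecked(const char *s) { return parse_unchecked(&s); }
static int field_checked(const char *s)
{
    int v;
    return parse_checked(&s, &v) == 0 ? v : -1;
}

int main(void)
{
    const char *big = "4294967306";     /* constructed input: 2^32 + 10 */
    printf("unchecked: %d\n", field_unchecked(big));
    printf("checked:   %d\n", field_checked(big));
    return 0;
}
```

With the constructed input, the unchecked parser silently returns 10 while the checked parser rejects the field, which is the difference a caller sizing a buffer from that value depends on.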

More information about the freebsd-questions mailing list