Subject: Re: Strange statement
To: Jason Thorpe <thorpej@nas.nasa.gov>
From: Bill Studenmund <skippy@macro.stanford.edu>
List: current-users
Date: 02/13/1998 15:29:27
On Fri, 13 Feb 1998, Jason Thorpe wrote:
> On Fri, 13 Feb 1998 14:43:00 -0800
> Greg Wohletz <greg@duke.CS.UNLV.EDU> wrote:
>
> > From:
> >
> > http://www.cert.org/pub/advisories/CA-97.26.statd.html
> >
> >
> > The NetBSD project
> >
> > NetBSD is not vulnerable to the statd buffer overflow. It does not ship
> > with NFS locking programs (statd/lockd).
> >
> >
> >
> > What exactly does this mean? My netbsd 1.3 systems certainly all have
> > lockd/statd. Are they vunerable to this buffer overrun bug or not?
>
> As of the latest release at the time the announcement was made, NetBSD
> did not have statd/lockd. The statd/lockd that NetBSD 1.3 ships with
> are NOT vulnerable to the overflow described in the report.
Could we amend the statement to reflect 1.3's shipping with a NOT
vulnerable statd/lockd?
Take care,
Bill