US-CERT Warning
Gerard
gerard at seibercom.net
Mon Mar 31 13:31:10 PDT 2008
It seems that US-CERT has issued a 'High Vulnerability' warning regarding
FreeBSD. This is the URL:
http://www.us-cert.gov/cas/bulletins/SB08-091.html
A snippet of the warning:
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x,
and probably other BSD and Apple Mac OS platforms allow
context-dependent attackers to execute arbitrary code via large values
of certain integer fields in the format argument to (1) the strfmon
function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro;
and (2) the printf function, related to left_prec and right_prec.
--
Gerard
gerard at seibercom.net
Sleep -- the most beautiful experience in life -- except drink.
W.C. Fields
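
The bug class named in the quoted bulletin (a decimal width or precision field in a format string parsed into an integer with no upper bound), shown here as an added example that is not part of the original post and is not the libc code. The helper names and sample fields are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, for contrast: accumulates digits with no bound.
 * uint32_t is used so the wraparound is well defined and observable. */
static uint32_t parse_field_unchecked(const char *p)
{
    uint32_t v = 0;
    while (isdigit((unsigned char)*p))
        v = v * 10 + (uint32_t)(*p++ - '0');
    return v;
}

/* Hypothetical helper: same parse, but refuses any value above max.
 * Returns 0 and advances *fmt on success, -1 if the field is too large. */
static int parse_field_checked(const char **fmt, int max, int *out)
{
    const char *p = *fmt;
    int v = 0;
    while (isdigit((unsigned char)*p)) {
        int d = *p++ - '0';
        /* Test before multiplying, so v * 10 + d can never overflow. */
        if (d > max || v > (max - d) / 10)
            return -1;
        v = v * 10 + d;
    }
    *fmt = p;
    *out = v;
    return 0;
}

int main(void)
{
    /* Constructed sample fields, as they might appear in a format string. */
    const char *samples[] = { "12", "2147483647", "2147483648", "4294967297" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *p = samples[i];
        int v = 0;
        int rc = parse_field_checked(&p, INT_MAX, &v);
        printf("%-11s unchecked=%u checked=%s\n", samples[i],
               (unsigned)parse_field_unchecked(samples[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

The unchecked parse silently turns an oversized field into a small number, which is what makes later size and buffer arithmetic unsafe; the checked parse rejects the field before any arithmetic can wrap.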
More information about the freebsd-questions
mailing list