US-CERT Warning

Gerard gerard at seibercom.net
Mon Mar 31 13:31:10 PDT 2008


It seems that US-CERT has issued a 'High Vulnerability' warning regarding
FreeBSD. This is the URL:

	http://www.us-cert.gov/cas/bulletins/SB08-091.html

A snippet of the warning:

Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x,
and probably other BSD and Apple Mac OS platforms allow
context-dependent attackers to execute arbitrary code via large values
of certain integer fields in the format argument to (1) the strfmon
function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro;
and (2) the printf function, related to left_prec and right_prec.

-- 
Gerard
gerard at seibercom.net

Sleep -- the most beautiful experience in life -- except drink.

	W.C. Fields
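
The class of bug the quoted bulletin describes, sketched as an added example (not part of the original post and not FreeBSD's libc code): a decimal field read from a format string with and without a bound. The function names and the FIELD_MAX limit are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

#define FIELD_MAX 1024  /* assumed sane upper bound for a width/precision field */

/* Hypothetical unchecked parser: accumulates digits with no bound.
 * uint32_t keeps the wrap well-defined instead of signed-overflow UB. */
static uint32_t parse_unchecked(const char **p)
{
    uint32_t n = 0;
    while (isdigit((unsigned char)**p))
        n = n * 10 + (uint32_t)(*(*p)++ - '0');
    return n;
}

/* Checked parser: returns 0 and stores the value, or -1 if the field
 * would exceed max (max >= 9). The cursor advances only on success. */
static int parse_checked(const char **p, int max, int *out)
{
    const char *s = *p;
    int n = 0;
    while (isdigit((unsigned char)*s)) {
        int d = *s++ - '0';
        if (n > (max - d) / 10)  /* n * 10 + d would exceed max */
            return -1;
        n = n * 10 + d;
    }
    *p = s;
    *out = n;
    return 0;
}

int main(void)
{
    const char *a = "4294967297", *b = a;  /* constructed sample field */
    int v = 0;
    /* The unchecked value silently wraps modulo 2^32. */
    printf("unchecked: %u\n", (unsigned)parse_unchecked(&a));
    printf("checked:   %s\n",
           parse_checked(&b, FIELD_MAX, &v) ? "rejected" : "accepted");
    return 0;
}
```

Rejecting the field at parse time means any later size arithmetic on it only ever sees values within the chosen bound.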


More information about the freebsd-questions mailing list