Re: LibC openBSD affected ?

2016-12-08 Thread Mihai Popescu
| I feel so much safer.  CERT is still performing a role they don't understand.


Could you detail, please? It's too short to get it as a joke or as a
serious thing.



Re: LibC openBSD affected ?

2016-12-07 Thread Theo de Raadt
> On Wed, 07 Dec 2016 13:25:48 +0100, "Peter N. M. Hansteen" wrote:
> 
> > Yes. See http://www.tedunangst.com/flak/post/who-even-calls-link-ntoa
> 
> Right, link_ntoa(3) is not called with untrusted input so this is
> a very minor issue.  Also, route and netstat are not setuid or
> setgid on OpenBSD.

I feel so much safer.  CERT is still performing a role they don't understand.



Re: LibC openBSD affected ?

2016-12-07 Thread Todd C. Miller
On Wed, 07 Dec 2016 13:25:48 +0100, "Peter N. M. Hansteen" wrote:

> Yes. See http://www.tedunangst.com/flak/post/who-even-calls-link-ntoa

Right, link_ntoa(3) is not called with untrusted input so this is
a very minor issue.  Also, route and netstat are not setuid or
setgid on OpenBSD.

 - todd



Re: LibC openBSD affected ?

2016-12-07 Thread Peter N. M. Hansteen
On 12/06/16 21:40, carlos albino garcia grijalba wrote:
> Is OpenBSD affected by http://tinyurl.com/js2vd28 ?
> 
> Vulnerability Note VU#548487 - BSD libc contains a buffer overflow
> vulnerability
> tinyurl.com
> The BSD libc library is vulnerable to a classic buffer overflow.

Yes. See http://www.tedunangst.com/flak/post/who-even-calls-link-ntoa

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: LibC openBSD affected ?

2016-12-06 Thread Todd C. Miller
On Tue, 06 Dec 2016 20:40:47 +, carlos albino garcia grijalba wrote:

> Is OpenBSD affected by http://tinyurl.com/js2vd28 ?

Yes, the same code is present in OpenBSD.

 - todd



LibC openBSD affected ?

2016-12-06 Thread carlos albino garcia grijalba
Is OpenBSD affected by http://tinyurl.com/js2vd28 ?

Vulnerability Note VU#548487 - BSD libc contains a buffer overflow
vulnerability
tinyurl.com
The BSD libc library is vulnerable to a classic buffer overflow.