Re: CERT Advisory CA-97.26 - statd

matthew green (mrg@ETERNA.COM.AU)
Tue, 09 Dec 1997 16:08:01 +1100

just an update for NetBSD on this issue:

CERT* Advisory CA-97.26
Topic: Buffer Overrun Vulnerability in statd(1M) Program
[ ... ]

The NetBSD project

NetBSD is not vulnerable to the statd buffer overflow. It does not ship
with NFS locking programs (statd/lockd).

NetBSD 1.3 does (will :-) ship with rpc.statd and rpc.lockd. they have no
known vulnerabilities. auscert have already updated their advisory.