CERT* Advisory CA-97.26
Topic: Buffer Overrun Vulnerability in statd(1M) Program
[ ... ]
The NetBSD project
NetBSD is not vulnerable to the statd buffer overflow. It does not ship
with NFS locking programs (statd/lockd).
NetBSD 1.3 does (will :-) ship with rpc.statd and rpc.lockd. they have no
known vulnerabilities. auscert have already updated their advisory.