Security Bug Doesn't Discriminate

← Back to Stories (view on slashdot.org)

Security Bug Doesn't Discriminate

Posted by timothy on Tuesday August 6, 2002 @11:55AM from the let's-see-where-it's-fixed-first dept.

An anonymous reader writes: "Despite all the fuss about Microsoft's booth at LinuxWorld next week, a security bug doesn't seem to care about the difference between open- and closed-source systems. The bug, found in a code library included in several popular applications, affects Windows 2000, Solaris, Mac OS X, and Linux, reports eWeek's Dennis Fisher."

3 of 28 comments (clear)

Min score:

Reason:

Sort:

Re:There is a difference ..... by Van+Halen · 2002-08-06 12:23 · Score: 3, Informative

According to the CERT advisory, the following (among others) have already released patches:
Apple (Mac OS X)
Debian (partial fix)
Glibc
MIT Kerberos
NetBSD
The following have not:
HP
IBM
Microsoft
RedHat
SGI
Sun
It may be interesting to see how quickly members of the second group catch up.

--
Say hello to zMac.
calloc() vuln by m0rph3us0 · 2002-08-06 12:34 · Score: 3, Informative

I believe this XDR vulnerabilty stems from a more serious problem in most implimentations of calloc()
The problem is created when the size of the ADT * numElements > a machine word
I'm parphrasing from this advisory on bugtraq
Re:Ah! Another "Derived" Work by Microsoft by Dahan · 2002-08-06 14:47 · Score: 3, Informative

FYI, MS's TCP stack isn't BSD-derived. Where do they use zlib, btw?