Circa 2002-12-02 10:03:20 -0800 dixit Muhammad Faisal Rauf Danka:

: CERT Advisory CA-2002-34 Buffer Overflow in Solaris X Window Font Service
:
: Original release date: November 25, 2002
: Last revised: --
: Source: CERT/CC
:
: A complete revision history can be found at the end of this file.
[...]
: Overview
:
: The Solaris X Window Font Service (XFS) daemon (fs.auto) contains a
: remotely exploitable buffer overflow vulnerability that could allow an
: attacker to execute arbitrary code or cause a denial of service.
[...]
: Appendix A. - Vendor Information
[...]
: OpenBSD
:
: We do not have XFS.

Not true. Observe:

-------- cut here --------
$ rsync -av --partial rsync://ftp3.usa.openbsd.org/ftp/3.2/i386/xbase32.tgz .
Welcome to ftp.usa.OpenBSD.org in Boulder, CO.
For other mirror sites visit http://www.openbsd.org/ftp.html
[server MOTD banner: OpenBSD ASCII-art logo, OpenBSD 3.2 release notice, rsync/SUP/CVSup mirroring instructions]
receiving file list ... done
xbase32.tgz
wrote 60674 bytes  read 42124 bytes  1099.44 bytes/sec
total size is 9043589  speedup is 87.97
$ gzip -dc xbase32.tgz |tar -tvf - |grep -i xfs
-rwxr-xr-x 1 root wheel 77824 Oct 2 16:50 ./usr/X11R6/bin/xfs
-rwxr-xr-x 1 root wheel 32768 Oct 2 16:50 ./usr/X11R6/bin/xfsinfo
$
-------- cut here --------

The X Font Server is clearly there, and has been since at least
OpenBSD-3.0. I use it daily.

Perhaps there was a miscommunication between CERT and the OpenBSD
responder (for example, a misinterpretation of "XFS" as "SGI's XFS
journalled filesystem")?

--
jim knoble | jmknoble@pobox.com | http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
"I am non-refutable." --Enik the Altrusian