Re: CIAC Bulletin H-13: IBM AIX(r) Security Vulnerabilities

[zen () trouble org (d)]

>                        The U.S. Department of Energy
>                     Computer Incident Advisory Capability
[...]
>           IBM AIX(r) Security Vulnerabilities (gethostbyname,lquerypv)
> PROBLEM:       Two problems have been identified in IBM AIX: (1) Possible
>                buffer overrun condition in "gethostbyname()" library function,

Can anyone tell me what a "possible buffer overrun condition" is?  Are they
saying that they don't know, or they just read it somewhere (couldn't
imagine where) and want to cover their ass?

Sorry, no new bug info.  A security tidbit - a new satan release is tentatively
scheduled for (late) jan; more info will be posted as wietse and I get our
stuff together.  Send us your remote bug checks to be included ;-)

-- d