#2058 closed defect (wontfix)

RPC library audit required

Reported by: Sebastian Huber Owned by: Eric Norum
Priority: low Milestone: 4.11.2
Component: network/legacy Version: 4.11
Severity: critical Keywords:
Cc: ralf.corsepius@… Blocked By:
Blocking:

Description (last modified by Sebastian Huber)

The RPC library needs an audit to verify that it is up to data. Some security problems existed in the SUN implementation, e.g

http://www.cert.org/advisories/CA-2003-10.html

Maybe it makes sense to use the recent FreeBSD or OpenBSD version.

Change History (5)

comment:1 Changed on Apr 26, 2012 at 1:37:54 PM by Ralf Corsepius

Cc: Ralf Corsepius added

comment:2 Changed on Apr 27, 2012 at 7:07:45 AM by Sebastian Huber

Ok, maybe its worth to use the Newlib RPC version. Another option is to look at the 16-bit changes and merge them into the current FreeBSD or OpenBSD version. The cited problem is probably not the only one.

comment:3 Changed on Nov 24, 2014 at 6:58:28 PM by Gedare Bloom

Version: HEAD4.11

Replace Version=HEAD with Version=4.11 for the tickets with Milestone >= 4.11

comment:4 Changed on Dec 18, 2014 at 11:13:38 AM by Sebastian Huber

Description: modified (diff)
Milestone: 4.115.0
Priority: normallow
Severity: normalcritical

comment:5 Changed on Aug 14, 2017 at 12:37:03 AM by Chris Johns

Milestone: 5.04.11.2
Resolution: wontfix
Status: newclosed

This will not be fixed in the legacy stack. Use the newer libbsd stack.

Note: See TracTickets for help on using tickets.