Software Engineering Institute

Notified:  August 16, 2002 Updated: August 16, 2002

Status

Not Affected

Vendor Statement

Mac OS X and Mac OS X Server do not contain the vulnerability described in this report.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Updated:  August 21, 2002

Status

Not Affected

Vendor Statement

None of the products are vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Notified:  August 16, 2002 Updated: August 16, 2002

Status

Not Affected

Vendor Statement

FreeBSD is unaffected.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Updated:  August 26, 2002

Status

Not Affected

Vendor Statement

sent on August 26, 2002

[Server Products]

* EWS/UP 48 Series operating system
- is NOT vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Notified:  August 16, 2002 Updated: August 16, 2002

Status

Not Affected

Vendor Statement

We have examined this issue, and no vesion of NetBSD is vulnerable to it.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Updated:  September 09, 2002

Status

Not Affected

Vendor Statement

Openwall GNU/*/Linux is not vulnerable. In fact, none of Linux 2.0, 2.2, and 2.4 are. As the corresponding limits are configurable on 2.2 and 2.4 and in order to be safe in case of future code changes, we're, however, also adding redundant defensive hard-coded limits right into both select(2) and poll(2).

More detail:

Linux 2.0 only has select(2) and a hard-coded limit.

Linux 2.2 and 2.4 have both calls and configurable limits, but expand_fd_array() and expand_fdset() wouldn't let files->max_fds and files->max_fdset grow beyond a defensive hard-coded limit, even if a higher limit has been set via procfs or sysctl. And it's precisely files->max_fds and files->max_fdset which are used by select(2) and poll(2).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Updated:  December 13, 2002

Status

Not Affected

Vendor Statement

Sun is not affected by this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.