Apple Computer Inc. Not Affected

Notified:  August 16, 2002 Updated: August 16, 2002

Status

Not Affected

Vendor Statement

Mac OS X and Mac OS X Server do not contain the vulnerability described in this report.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cisco Systems Inc. Not Affected

Updated:  August 21, 2002

Status

Not Affected

Vendor Statement

None of the products are vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

FreeBSD Not Affected

Notified:  August 16, 2002 Updated: August 16, 2002

Status

Not Affected

Vendor Statement

FreeBSD is unaffected.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NEC Corporation Not Affected

Updated:  August 26, 2002

Status

Not Affected

Vendor Statement

sent on August 26, 2002 [Server Products] * EWS/UP 48 Series operating system - is NOT vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NetBSD Not Affected

Notified:  August 16, 2002 Updated: August 16, 2002

Status

Not Affected

Vendor Statement

We have examined this issue, and no vesion of NetBSD is vulnerable to it.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Nortel Networks Unknown

Notified:  August 16, 2002 Updated: December 03, 2002

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

OpenBSD Affected

Updated:  August 15, 2002

Status

Affected

Vendor Statement

See http://www.openbsd.org/errata.html#scarg.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Openwall GNU/*/Linux Not Affected

Updated:  September 09, 2002

Status

Not Affected

Vendor Statement

Openwall GNU/*/Linux is not vulnerable. In fact, none of Linux 2.0, 2.2, and 2.4 are. As the corresponding limits are configurable on 2.2 and 2.4 and in order to be safe in case of future code changes, we're, however, also adding redundant defensive hard-coded limits right into both select(2) and poll(2). More detail: Linux 2.0 only has select(2) and a hard-coded limit. Linux 2.2 and 2.4 have both calls and configurable limits, but expand_fd_array() and expand_fdset() wouldn't let files->max_fds and files->max_fdset grow beyond a defensive hard-coded limit, even if a higher limit has been set via procfs or sysctl. And it's precisely files->max_fds and files->max_fdset which are used by select(2) and poll(2).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sun Microsystems Inc. Not Affected

Updated:  December 13, 2002

Status

Not Affected

Vendor Statement

Sun is not affected by this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.