Date: Fri, 14 Feb 2003 12:08:19 -0800 (PST)
From: HP S/W Security Team <[email protected]>
To: [email protected]Subject: HPUX disable buffer overflow vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
We have contacted Davide Del Vecchio and confirmed that the
the buffer overflow in disable(1) does not occur with the
patches recommended in HPSBUX0208-213, which says in part:
-----------------------------------------------------------------
HEWLETT-PACKARD COMPANY SECURITY BULLETIN: HPSBUX0208-213
Originally issued: 26 Aug 2002
-----------------------------------------------------------------
------------------------------------------------------------------
PROBLEM: Potential buffer overflows in lp subsystem
PLATFORM: HP9000 Servers running HP-UX releases 10.20, 11.00, and
11.11 (11i).
DAMAGE: Potential denial of service to lp subsystem,
SOLUTION: Install the applicable patch for the OS release:
HP-UX 10.20 PHCO_27133,
HP-UX 11.00 PHCO_27132,
HP-UX 11.11 PHCO_27020.
MANUAL ACTIONS: none
AVAILABILITY: The patches are available now on itrc.hp.com.
------------------------------------------------------------------
Please send any questions to [email protected].
Yours truly,
SOFTWARE SECURITY RESPONSE TEAM (SSRT)
Hewlett-Packard Company
HP Services
Join our (pre-merger) HP SECURITY BULLETIN MAILING LIST!
http://itrc.hp.com
In the left most frame select "Maintenance and Support"
Under the "Notifications" section (near the bottom of the page),
select "Support Information Digests".
JOIN OUR (pre-merger) COMPAQ CUSTOMER SECURITY BULLETIN MAILING
LIST!
http://www.support.compaq.com/patches/mailing-list.shtml
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3
iQCVAwUBPk1LKkb+N2sIuD1FAQH5GAP/eFlIR+reuyR2bzb4Axuldj5zZfohLT/S
IRnRsa7Yo2OoPNcdgQH/vMSKc9T6z4UCqZum/0gYHZIKurOEcb0eQ++op+gL3sOx
Cy8uMSQC7Md8bk2IMCACJoiGKasnyeyZ8DlMT3GXyzu5G00at69DMaBIEma3AbzW
QRoVs4ZUDr8=
=oGd6
-----END PGP SIGNATURE-----
