[19706] in bugtraq

HPUX Security Bulletin HPSBUX0103-146 - How Bad ?

daemon@ATHENA.MIT.EDU (Boyce, Nick)
Mon Mar 19 16:58:26 2001

MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-ID:  <C1B2296C5D3ED11182DB00805F9A097E015064CD@GBHBM001>
Date:         Mon, 19 Mar 2001 13:43:01 -0000
Reply-To: "Boyce, Nick" <nick.boyce@EDS.COM>
From: "Boyce, Nick" <nick.boyce@EDS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

Usual question - anyone know how bad this one is ?  The words "buffer
overflow" scare me :-)

===================< cut >===================
[...]
Digest Name:  daily security bulletins digest
    Created:  Mon Mar 19  3:00:03 PST 2001

Document ID      Title
---------------  -----------
HPSBUX0103-146   Sec. Vulnerability in crontab(1)

The documents are listed below.
-------------------------------------------------------------------------------


Document ID:  HPSBUX0103-146
Date Loaded:  20010318
      Title:  Sec. Vulnerability in crontab(1)

----------------------------------------------------------------------
   HEWLETT-PACKARD COMPANY SECURITY BULLETIN: #0146, 19 Mar. '01
----------------------------------------------------------------------
    The information in the following Security Bulletin should be
    acted upon as soon as possible.  Hewlett-Packard Company will
    not be liable for any consequences to any customer resulting
    from customer's failure to fully implement instructions in
    this Security Bulletin as soon as possible.
----------------------------------------------------------------------
ISSUE:  crontab(1) contains a buffer overflow.

PLATFORM:  HP9000 Series 700 and 800 running HP-UX releases 11.00,
           11.04, 10.20, 10.24, 10.10, and 10.01.

POSSIBLE RESULT: Users could compromise system availability.

SOLUTION: Apply patches for HP-UX releases as follows:
                 for 11.00:           PHCO_22767,
                     11.04:           PHCO_23429,
                     10.20:           PHCO_22768,
                     10.24:           PHCO_23455,
                     10.10:           PHCO_22769,
                     10.01:           PHCO_22770.
[snip]
===================< cut >===================

(I'll forward the whole thing if people want to see it)

> Nick Boyce
> EDS Healthcare, Bristol, UK
>
