From Rich.Boren@COMPAQ.com Tue Nov 13 17:00:46 2001 From: "Boren, Rich (SSRT)" To: bugtraq@securityfocus.com Date: Tue, 13 Nov 2001 07:35:24 -0700 Subject: FW: [advisory] SSRT0767u Potential rpc.ttdbserverd buffer overflow [The following text is in the "iso-8859-1" character set] [Your display is set for the "US-ASCII" character set] [Some characters may be displayed incorrectly] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - second attempt - NO RESTRICTION FOR DISTRIBUTION PROVIDED THE ADVISORY REMAINS INTACT TITLE: SSRT0767U Potential rpc.ttdbserverd buffer overflow CASE ID: SSRT0767U (X-REF: CVE CAN-2001-0717, x-force 02-oct-2001, CERT CA-2001-27) SOURCE: Compaq Computer Corporation Software Security Response Team DATE: 02-Oct-2001 (c) Copyright 2001 Compaq Computer Corporation. All rights reserved. "Compaq is broadly distributing this Security Advisory in order to bring to the attention of users of Compaq products the important security information contained in this Advisory. Compaq recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Compaq does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Compaq will not be responsible for any damages resulting from user's use or disregard of the information provided in this Advisory." Severity: low This potential security vulnerability has not been reproduced for any release of Compaq Tru64 Unix. However with the information available, we are providing a patch that will further reduce any potential vulnerability. A patch has been made available for all supported versions of Tru64/ DIGITAL UNIX V4.0f, V4.0g, V5.0a, V5.1, and V5.1a. To obtain a patch for prior versions contact your normal Compaq Services support channel. *This solution will be included in a future distributed release of Compaq's Tru64 / DIGITAL UNIX. The patches identified are available from the Compaq FTP site http://ftp1.support.compaq.com/public/dunix/ then choose the version directory needed and search for the patch by name. The patch names are: DUV40F17-C0056200-11703-ER-20010928.tar T64V40G17-C0007000-11704-ER-20010928.tar T64V50A17-C0015500-11705-ER-20010928.tar T64V5117-C0065200-11706-ER-20010928.tar T64V51Assb-C0000800-11707-ER-20010928.tar To subscribe to automatically receive future NEW Security Advisories from the Software Security Response Team at Compaq via electronic mail, Use your browser to get to the http://www.support.compaq.com/patches/mailing-list.shtml and sign up. Select "Security and Individual Notices" for immediate dispatch notifications. To report a potential security vulnerability for Compaq products, send email to security-ssrt@compaq.com If you need further information, please contact your normal Compaq Services support channel. Compaq appreciates your cooperation and patience. As always, Compaq urges you to periodically review your system management and security procedures. Compaq will continue to review and enhance the security features of its products and work with customers to maintain and improve the security and integrity of their systems. -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.1 iQA/AwUBO/EvyTnTu2ckvbFuEQLQhACfWt1lpV3AEeOD3cVKVOYo/TqnVHkAoI31 6XqczR+bp0YpmPf+GYscSoNI =7WNr -----END PGP SIGNATURE-----