FW: HPUX security bulletins digest

["Boyce, Nick" <nick.boyce () EDS COM>]

On 18th.Jan.2001, Ben Greenbaum forwarded this HP security alert :

[edited]

===================< cut >======================

---------- Forwarded message ----------
Date: Thu, 18 Jan 2001 04:02:29 -0800 (PST)
From: IT Resource Center <support_feedback () us-support external hp com>
To: security_info () us-support external hp com

Document ID:  HPSBUX0101-137
Date Loaded:  20010117
      Title:  Sec. Vulnerability in Support Tools Manager

----------------------------------------------------------------------
    HEWLETT-PACKARD COMPANY SECURITY BULLETIN: #0137, 18 Jan. '01
----------------------------------------------------------------------

ISSUE:  HP9000 series 700/800 Support Tools Manager (xstm,cstm,stm)

PLATFORM:  HP9000 Series 700 and 800 running HP-UX releases 11.11,
           11.00, and 10.20.

POSSIBLE RESULT: Users could cause a Denial of Service (DoS).

===================< cut >======================

HP have been a bit coy about it - does anyone know more detail ?
What kind of denial of service (file overwrite ?) ?
Locally or remotely exploitable ?

Cheers,

Nick
EDS Healthcare, Bristol, UK