FW: [advisory] SSRT0767u Potential rpc.ttdbserverd buffer overflow

["Boren, Rich (SSRT)" <Rich.Boren () COMPAQ com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

         - second attempt -
    NO RESTRICTION FOR DISTRIBUTION
 PROVIDED THE ADVISORY REMAINS INTACT
 
  TITLE: SSRT0767U Potential rpc.ttdbserverd buffer overflow

  CASE ID: SSRT0767U
  (X-REF: CVE CAN-2001-0717, x-force 02-oct-2001, 
          CERT CA-2001-27) 

  SOURCE:  Compaq Computer Corporation     
           Software Security Response Team
    DATE:  02-Oct-2001

(c) Copyright 2001 Compaq Computer Corporation. All rights reserved.


  "Compaq is broadly distributing this Security Advisory in order
  to bring to the attention of users of Compaq products the
  important security information contained in this Advisory.
  Compaq recommends that all users determine the applicability of
  this information to their individual situations and take
  appropriate action.
   
  Compaq does not warrant that this information is necessarily
  accurate or complete for all user situations and, consequently,
  Compaq will not be responsible for any damages resulting from
  user's use or disregard of the information provided in this
  Advisory."

  Severity: low
   
   This potential security vulnerability has not been
   reproduced for any release of Compaq Tru64 Unix.
   However with the information available, we are providing
   a patch that will further reduce any potential
   vulnerability.
   
   A patch has been made available for all supported
   versions of Tru64/ DIGITAL UNIX V4.0f, V4.0g, V5.0a,
   V5.1, and V5.1a. To obtain a patch for prior versions
   contact your normal Compaq Services support channel.
   
   *This solution will be included in a future distributed 
   release of Compaq's Tru64 / DIGITAL UNIX.


  The patches identified are available from the Compaq FTP site
  http://ftp1.support.compaq.com/public/dunix/ then choose the
  version directory needed and search for the patch by name.
   
  The patch names are:

     DUV40F17-C0056200-11703-ER-20010928.tar
     T64V40G17-C0007000-11704-ER-20010928.tar
     T64V50A17-C0015500-11705-ER-20010928.tar
     T64V5117-C0065200-11706-ER-20010928.tar
     T64V51Assb-C0000800-11707-ER-20010928.tar


  To subscribe to automatically receive future NEW Security 
  Advisories from the Software Security Response Team at 
  Compaq via electronic mail, 

  Use your browser to get to the 
  http://www.support.compaq.com/patches/mailing-list.shtml 
  and sign up.   Select "Security and Individual Notices" for
  immediate dispatch notifications.

  To report a potential security vulnerability for Compaq
  products, send email to security-ssrt () compaq com 

  If you need further information, please contact your normal 
  Compaq Services support channel.

  Compaq appreciates your cooperation and patience. As always, 
  Compaq urges you to periodically review your system management 
  and security procedures.  Compaq will continue to review and 
  enhance the security features of its products and work
  with customers to maintain and improve the security and 
  integrity of their systems.

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBO/EvyTnTu2ckvbFuEQLQhACfWt1lpV3AEeOD3cVKVOYo/TqnVHkAoI31
6XqczR+bp0YpmPf+GYscSoNI
=7WNr
-----END PGP SIGNATURE-----