HPUX disable buffer overflow vulnerability

[HP S/W Security Team <secure () hpchs cup hp com>]

-----BEGIN PGP SIGNED MESSAGE-----

We have contacted Davide Del Vecchio and confirmed that the
the buffer overflow in disable(1) does not occur with the 
patches recommended in HPSBUX0208-213, which says in part:

 -----------------------------------------------------------------
 HEWLETT-PACKARD COMPANY SECURITY BULLETIN: HPSBUX0208-213
 Originally issued: 26 Aug 2002
 -----------------------------------------------------------------

 ------------------------------------------------------------------
PROBLEM:  Potential buffer overflows in lp subsystem

PLATFORM: HP9000 Servers running HP-UX releases 10.20, 11.00, and
          11.11 (11i).

DAMAGE:   Potential denial of service to lp subsystem,

SOLUTION: Install the applicable patch for the OS release:
              HP-UX 10.20          PHCO_27133,
              HP-UX 11.00          PHCO_27132,
              HP-UX 11.11          PHCO_27020.

MANUAL ACTIONS: none

AVAILABILITY:  The patches are available now on itrc.hp.com.

 ------------------------------------------------------------------

Please send any questions to security-alert () hp com.

Yours truly,
 SOFTWARE SECURITY RESPONSE TEAM (SSRT)
 Hewlett-Packard Company
 HP Services
 
 Join our (pre-merger) HP SECURITY BULLETIN MAILING LIST!
 http://itrc.hp.com
 In the left most frame select "Maintenance and Support"
 Under the "Notifications" section (near the bottom of the page),
 select "Support Information Digests".

 JOIN OUR (pre-merger) COMPAQ CUSTOMER SECURITY BULLETIN MAILING
LIST!
 http://www.support.compaq.com/patches/mailing-list.shtml 


-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3

iQCVAwUBPk1LKkb+N2sIuD1FAQH5GAP/eFlIR+reuyR2bzb4Axuldj5zZfohLT/S
IRnRsa7Yo2OoPNcdgQH/vMSKc9T6z4UCqZum/0gYHZIKurOEcb0eQ++op+gL3sOx
Cy8uMSQC7Md8bk2IMCACJoiGKasnyeyZ8DlMT3GXyzu5G00at69DMaBIEma3AbzW
QRoVs4ZUDr8=
=oGd6
-----END PGP SIGNATURE-----