Compaq Computer Corporation Information for VU#745371

Multiple vendor telnet daemons vulnerable to buffer overflow via crafted protocol options

Status

Not Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________
SOURCE: Compaq Computer Corporation
Compaq Services
Software Security Response Team USA

Compaq case id SSRT0745U

ref: potential telnetd option handling vulnerability

x-ref: TESO Security Advisory 06/2001
CERT CA2001-21 Advisory 07/2001


Compaq has evaluated this vulnerability to telnetd
distributed for Compaq Tru64/UNIX and OpenVMS Operating
Systems Software and has determined that telnetd is not
vulnerable to unauthorized command execution or
root compromise.

Compaq appreciates your cooperation and patience.
We regret any inconvenience applying this information
may cause.

As always, Compaq urges you to periodically review your system
management and security procedures. Compaq will continue to
review and enhance the security features of its products and work
with customers to maintain and improve the security and integrity
of their systems.

To subscribe to automatically receive future NEW Security
Advisories from the Compaq's Software Security Response Team
via electronic mail,

Use your browser select the URL
http://www.support.compaq.com/patches/mailing-list.shtml
Select "Security and Individual Notices" for immediate dispatch
notifications directly to your mailbox.

To report new Security Vulnerabilities, send mail to:
security-ssrt@compaq.com

(c) Copyright 2001 Compaq Computer Corporation. All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBO2C5JjnTu2ckvbFuEQKmqwCg/m87d9k22+qV5GY2vJAR409KFD4AoIbR
vsQaZ9DOI4D4sj5Feg4bRZmS
=F5Nq
-----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.