Hewlett-Packard Company Information for VU#188507

Low BandWidth X proxy vulnerable to buffer overflow via crafted display command line option



Vendor Statement

HP has released patches to correct the buffer overflow in lbxproxy. Since this is not a security issue on HP-UX we do not plan to issue a security bulletin.

These patches corrected the lbxproxy overflow:

10.20 PHSS_25293 :Xserver:
11.00 PHSS_26566 :Xserver:
11.11 PHSS_26577 :Xserver:
11.04 PHSS_27542 :VVOS:Xserver:

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.