Apple Computer Inc. Not Affected

Notified:  September 12, 2002 Updated: September 16, 2002

Status

Not Affected

Vendor Statement

Regarding VU#169059 - X11 vulnerable to buffer overflow, we do not ship the X11 libraries in Mac OS X or Mac OS X Server. This means that Mac OS X and Mac OS X Server are not vulnerable to this problem unless a user adds the X11 libraries on their own.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Hewlett-Packard Company Not Affected

Notified:  September 12, 2002 Updated: March 24, 2003

Status

Not Affected

Vendor Statement

Source: Hewlett-Packard Company Software Security Response Team cross reference id: SSRT2275 HP-UX - not vulnerable HP-MPE/ix - not vulnerable HP Tru64 UNIX - not vulnerable HP OpenVMS - not vulnerable HP NonStop Servers - not vulnerable To report potential security vulnerabilities in HP software, send an E-mail message to: mailto:security-alert@hp.com

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

MontaVista Software Not Affected

Notified:  September 12, 2002 Updated: September 16, 2002

Status

Not Affected

Vendor Statement

None of our products are vulnerable to this issue.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Openwall GNU/*/Linux Not Affected

Notified:  September 12, 2002 Updated: September 16, 2002

Status

Not Affected

Vendor Statement

We don't re-distribute X11.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

The SCO Group (SCO UnixWare) Affected

Notified:  January 28, 2002 Updated: September 13, 2002

Status

Affected

Vendor Statement

Any command linked to this library that accepts the -xrm option [including xterm] will core dump if a long string is used as the argument. Any setuid setgid program that accepts the -xrm option is vulnerable to attack. We now have fixes for this issue for both Open UNIX and UnixWare on our security website: http://stage.caldera.com/support/security/ as advisory CSSA-2002-SCO.15.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.