
<div id="accordion" class="ui-accordion ui-widget ui-helper-reset">
  
  
  
    <div data-type="accordion-section" class="vinfo affected info" name="HP">
      
      <h3 class="accordion-header ui-accordion-header reloaded">
	<span class="vendor_name"><a href="#IAFY-54PKL4">HP </a>
	  <span class="vendor-icons">
	    
	    <i class="fas fa-bullhorn" aria-hidden="true" title="Vendor provided information"></i>
	    
	  </span>
	</span>
	<span class="vendor_status">
	  <span class="label alert">Affected</span> 
	</span>
      </h3>
      <div class="ui-accordion-content ui-helper-reset ui-widget-content ui-corner-bottom">
	<p>
	  
            Updated:&nbsp;&nbsp;November 21, 2001
            
	  </span>
	</p>
	
	<h3>Status</h3>
	<p><span class="label alert">Affected</span> </p>
	<h3>Vendor Statement</h3>
	<p>HP Support Information Digests o IT Resource Center World Wide Web Service If you subscribed through the IT Resource Center and would 
               like to be REMOVED from this mailing list, access the 
               IT Resource Center on the World Wide Web at: http://www.itresourcecenter.hp.com/ Login using your IT Resource Center User ID and Password. Then select Support Information Digests (located under 
               Maintenance and Support). You may then unsubscribe from the 
               appropriate digest. Digest Name: daily security bulletins digest 
                Created: Wed Nov 21 3:00:02 PST 2001 Table of Contents: Document ID Title HPSBUX0111-176 Sec. Vulnerability in rlpdaemon The documents are listed below. Document ID: HPSBUX0111-176 
            Date Loaded: 20011120 
                  Title: Sec. Vulnerability in rlpdaemon HEWLETT-PACKARD COMPANY SECURITY BULLETIN: #0176, 
                Originally issued: 20 November '01 The information in the following Security Bulletin should be 
            acted upon as soon as possible. Hewlett-Packard Company will 
            not be liable for any consequences to any customer resulting 
            from customer's failure to fully implement instructions in this 
            Security Bulletin as soon as possible. PROBLEM: An rlpdaemon logic flaw vulnerability has been 
                      reported to us that may allow a remote or local 
                      attacker to execute arbitrary code with superuser 
                      privilege. PLATFORM: HP9000 Servers running HP-UX releases 10.01, 10.10, 
                      10.20, 11.00, and 11.11. DAMAGE: Unauthorized access, increased privileges. SOLUTION: Apply the appropriate patch: 10.01 PHCO_25107, 
                               10.10 PHCO_25108, 
                               10.20 PHCO_25109, 
                               11.00 PHCO_25110, 
                               11.11 PHCO_25111. MANUAL ACTIONS: None AVAILABILITY: All patches are available now. The Common Vulnerabilities and Exposures (CVE) 
                          project has assigned the name CAN-2001-0817 to 
                          this issue. A. Background 
                A remotely exploitable buffer overflow in rlpdaemon has been 
                reported to HP. B. Recommended solution 
                The problem can be resolved by application of one of these 
                patches to the appropriate HP-UX release: 10.01 PHCO_25107, 
                               10.01 PHCO_25107, 
                               10.10 PHCO_25108, 
                               10.20 PHCO_25109, 
                               11.00 PHCO_25110, 
                               11.11 PHCO_25111. NOTE: HP-UX 10.24 and 11.04 (VVOS) are not vulnerable. C. To subscribe to automatically receive future NEW HP Security 
                Bulletins from the HP IT Resource Center via electronic 
                mail, do the following: Use your browser to get to the HP IT Resource Center page 
                at: http://itrc.hp.com Use the 'Login' tab at the left side of the screen to login 
                using your ID and password. Use your existing login or the 
                "Register" button at the left to create a login, in order to 
                gain access to many areas of the ITRC. Remember to save the 
                User ID assigned to you, and your password. In the left most frame select "Maintenance and Support". Under the "Notifications" section (near the bottom of 
                the page), select "Support Information Digests". To -subscribe- to future HP Security Bulletins or other 
                Technical Digests, click the check box (in the left column) 
                for the appropriate digest and then click the "Update 
                Subscriptions" button at the bottom of the page. or To -review- bulletins already released, select the link 
                (in the middle column) for the appropriate digest. To -gain access- to the Security Patch Matrix, select 
                the link for "The Security Bulletins Archive". (near the 
                bottom of the page) Once in the archive the third link is 
                to the current Security Patch Matrix. Updated daily, this 
                matrix categorizes security patches by platform/OS release, 
                and by bulletin topic. Security Patch Check completely 
                automates the process of reviewing the patch matrix for 
                11.XX systems. For information on the Security Patch Check tool, see: http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/ 
                displayProductInfo.pl?productNumber=B6834AA" The security patch matrix is also available via anonymous 
                ftp: ftp.itrc.hp.com:~ftp/export/patches/hp-ux_patch_matrix On the "Support Information Digest Main" page: click on the "HP Security Bulletin Archive". D. To report new security vulnerabilities, send email to security-alert@hp.com Please encrypt any exploit information using the 
                security-alert PGP key, available from your local key 
                server, or by sending a message with a -subject- (not body) 
                of 'get key' (no quotes) to security-alert@hp.com. Permission is granted for copying and circulating this 
                Bulletin to Hewlett-Packard (HP) customers (or the Internet 
                community) for the purpose of alerting them to problems, 
                if and only if, the Bulletin is not edited or changed in 
                any way, is attributed to HP, and provided such reproduction 
                and/or distribution is performed for non-commercial purposes. Any other use of this information is prohibited. HP is not 
                liable for any misuse of this information by any third party. -----End of Document ID: HPSBUX0111-176--------------------------------------</p>
	
	<h3>Vendor Information </h3>
	<p>The vendor has not provided us with any further information regarding this vulnerability.</p>
	
	
	
	<h3>Addendum</h3>
	<p>The CERT/CC has no additional comments at this time.</p>
	
      </div>
    </div>
    
  </div>