Compaq Computer Corporation Affected

Notified:  March 09, 2001 Updated: April 30, 2002

Status

Affected

Vendor Statement

COMPAQ COMPUTER CORPORATION x-reference: case id SSRT1-78U At the time of writing this document, patches(binary kits) are in progress and final testing is expected to begin soon. Compaq will provide notice of the completion/availibility of the patches through AES services (DIA, DSNlink FLASH) and be available from your normal Compaq Support channel.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Cray Not Affected

Updated:  December 20, 2001

Status

Not Affected

Vendor Statement

UNICOS and UNICOS/mk are not vulnerable to either of these two [issues]. For further information see Cray SPR 721061.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The other issue Cray is responding to is VU#595507.

Hewlett Packard Affected

Updated:  August 22, 2001

Status

Affected

Vendor Statement

Please see HPSBUX0105-151: Security Vulnerabilities in CDE on HP-UX at http://www.itresourcecenter.hp.com/

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

IBM Affected

Notified:  March 01, 2001 Updated: December 19, 2001

Status

Affected

Vendor Statement

IBM's AIX operating system is vulnerable. We have developed official fixes to close this vulnerability. Customers who run AIX 4.3.x should apply APAR #IY21539. Customers who run AIX 5.1 should apply APAR #IY20917. See http://techsupport.services.ibm.com/rs6k/fixdb.html to obtain these APARs.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Open Group Affected

Notified:  August 15, 2001 Updated: December 17, 2001

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

SGI Unknown

Notified:  March 01, 2001 Updated: December 17, 2001

Status

Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sun Affected

Updated:  March 05, 2001

Status

Affected

Vendor Statement

The following patches have been made avaialble: 108949-04: CDE 1.4: libDtHelp/libDtSvc patch 108950-04: CDE 1.4_x86: litDtHelp/libDtSvc patch

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Xi Graphics Unknown

Notified:  October 03, 2001 Updated: December 17, 2001

Status

Unknown

Vendor Statement

Xi Graphics is investigating this report and will provide more information when it is available.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.