COMMAND

    CDE

SYSTEMS AFFECTED

    HP9000  series  700/800,  HP-UX   releases  10.10,  10.20,   10.24
    and 10.30

PROBLEM

    Several buffer  overflow conditions  have been  identified in  the
    Common Desktop Environment (CDE).   suid/sgid CDE programs can  be
    exploited to increase privileges.

SOLUTION

    Install the applicable patches:

        PHSS_12137    10.10 CDE Runtime
        PHSS_12138    10.20 CDE Runtime
        PHSS_12139    10.20 CDE Developer's Kit
        PHSS_13046    10.24 CDE Runtime
        PHSS_12151    10.30 CDE Runtime
        PHSS_12152    10.30 CDE Developer's Kit

    NOTE: CDE was not offered on 10.0 and 10.01 releases of HP-UX.