COMMAND

    CDE

SYSTEMS AFFECTED

    AIX 4.1, 4.2, 4.3
    Digital Equipment Corporation
    HP9000 Series 700/800s running CDE on HP-UX 10.10, HP-UX 10.20,
    HP-UX 10.24 (VVOS), HP-UX 11.00
    Sun Microsystems

PROBLEM

    The dtappgather program does not adequately check all information
    passed to it by users. By exploiting these vulnerabilities, an
    attacker can gain either unauthorized privileged access or create
    a denial of service on the system. Local users are able to gain
    write access to arbitrary files. This can be leveraged to gain
    privileged access. Local users may also be able to remove files
    from arbitrary directories, thus causing a denial of service.

SOLUTION

    Digital Equipment Corporation
    ------------------------------
    At the time of writing this document, patches (binary kits) are in
    progress. Distribution of the fix for this problem is expected to
    begin soon. Digital will provide notice of the
    completion/availability of the patches through AES services (DIA,
    DSNlink FLASH); the patches will be available from your normal
    Digital Support channel.

    Hewlett-Packard Company
    -----------------------
    Apply one of:

        PHSS_13723  HP-UX 10.10
        PHSS_13724  HP-UX 10.20
        PHSS_13725  HP-UX 10.30
        PHSS_13772  HP-UX 10.24
        PHSS_13406  HP-UX 11.00

    IBM Corporation
    ---------------
    The version of dtappgather shipped with AIX is vulnerable. The
    following fixes are in progress:

        AIX 3.2:  not vulnerable; CDE not shipped in 3.2
        AIX 4.1:  IX73436
        AIX 4.2:  IX73437
        AIX 4.3:  IX73438

    Sun Microsystems, Inc.
    ----------------------

        Patch ID    CDE version
        105837-01   1.2
        105837-01   1.2_x86
        104498-02   1.02
        104500-02   1.02_x86
        104497-02   1.01
        104499-02   1.01_x86
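    A practical follow-up to the Sun patch list above is confirming that
    the right patch is actually installed on a host. The script below is an
    added example, not part of the advisory or of any vendor tool: it maps a
    CDE version to the patch id listed above and checks the text of
    `showrev -p` for that patch at the listed revision or later. The
    `showrev -p` sample embedded in it is constructed for the example; on a
    real host, pass the live output of `showrev -p` instead.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether a Solaris host has
# the CDE patch listed above for its CDE version, by parsing `showrev -p`
# output. Patch ids are BASE-REV; a later revision of the same base counts.

# CDE version -> patch id, exactly as the advisory lists them.
required_patch() {
    case $1 in
        1.2)      echo 105837-01 ;;
        1.2_x86)  echo 105837-01 ;;
        1.02)     echo 104498-02 ;;
        1.02_x86) echo 104500-02 ;;
        1.01)     echo 104497-02 ;;
        1.01_x86) echo 104499-02 ;;
        *)        return 1 ;;
    esac
}

# has_patch BASE MINREV OUTPUT
# OUTPUT is the text of `showrev -p`: one "Patch: BASE-REV Obsoletes: ..."
# line per installed patch. Succeeds if BASE is installed at rev >= MINREV.
has_patch() {
    printf '%s\n' "$3" | awk -v base="$1" -v minrev="$2" '
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == base && (p[2] + 0) >= (minrev + 0)) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# is_fixed VERSION OUTPUT: succeeds when the patch for VERSION is present.
is_fixed() {
    patch=$(required_patch "$1") || { echo "unknown CDE version: $1" >&2; return 2; }
    if has_patch "${patch%-*}" "${patch#*-}" "$2"; then
        echo "CDE $1: $patch installed"
    else
        echo "CDE $1: $patch missing"
        return 1
    fi
}

# Constructed sample of `showrev -p` output: a host with the 1.02 patch
# applied and one unrelated patch.
SAMPLE_SHOWREV='Patch: 104498-02 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWdtbas, SUNWdtdte
Patch: 103640-20 Obsoletes: 103658-02 Requires:  Incompatibles:  Packages: SUNWcsu, SUNWcsr'

# Run against the sample for two CDE versions; the second reports "missing".
for v in 1.02 1.2; do
    is_fixed "$v" "$SAMPLE_SHOWREV" || echo "  (exit status $?)"
done
```

    The revision comparison matters because Sun re-issues patches under the
    same base id with a higher revision; a host carrying 104498-03 would be
    at least as current as the 104498-02 listed here, and a check that
    compares the full string would wrongly flag it.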