COMMAND

    vacation

SYSTEMS AFFECTED

    HP 9000 series 700/800 running HP-UX releases 9.X, 10.X and 11.0.

PROBLEM

    The  vacation  program  shipped  with  HP-UX  in /usr/bin/vacation
    suffers from  a fault  in that  it misunderstands  it's inputs and
    invokes sendmail with  the wrong parameters.   Both sendmail  5.65
    and  8.7.6  are  vulnerable  to  this  malady.   Also the vacation
    program ignores a TO: header when the "O" is upper case.

SOLUTION

    Install the applicable patch:

        HP-UX revision 11.X for HP9000 Series 7/800:       PHNE_16295
        HP-UX revision 10.24 for HP9000 Series 7/800:      PHNE_16955
        HP-UX revision 10.20 for HP9000 Series 7/800:      PHNE_14042
        HP-UX revision 10.0X-10 for HP9000 Series 7/800:   PHNE_16726
        HP-UX revision 9.X  for HP9000 Series 7/800:       PHNE_16725