COMMAND
xlock
SYSTEMS AFFECTED
HP9000 Series 700/800s running:
HP-UX 10.24 (VVOS) with VirtualVault A.02.00 with patch PHSS_9905.
HP-UX 10.24 (VVOS) with VirtualVault A.03.00 with Extensions
Software (this includes PHSS_9905).
PROBLEM
The xlock program allows a user to "lock" an X terminal while
maintaining their login session. A vulnerability exists in xlock
that could allow a local user to attain unauthorized access to the
system. Vulnerabilities exist in xlock on VirtualVault 2.0/3.0
if patch PHSS_9905 is installed.
SOLUTION
This problem can be eliminated by applying the recommended patch.
Hewlett-Packard recommends that the PHSS_12961 patch be applied if
PHSS_9905 has already been installed. The PHSS_9905 patch is
included in the Software Extension Media provided with
VirtualVault A.03.00.