COMMAND

    Compaq Tru64 libc environment variables overflow leads to local root

SYSTEMS AFFECTED

    Compaq Tru64 UNIX V4.0F
    Compaq Tru64 UNIX V5.0
    Compaq Tru64 UNIX V5.1
    Compaq Tru64 UNIX V5.1A

PROBLEM

    In Noboru Yoshinaga [yosinaga@lac.co.jp] SNS Advisory No.51:

    Libc included with Compaq Tru64 UNIX is vulnerable to a buffer overflow due to a flaw in the handling of the environment variables LANG and LOCPATH. Local attackers could elevate privileges by using a SUID/SGID executable file that links to the vulnerable libc.

SOLUTION

    This problem can be eliminated by applying an appropriate patch to your Tru64 UNIX version based on the information in the following URL:

    http://ftp.support.compaq.com/patches/.new/html/SSRT-541.shtml