Notified: April 03, 2002 Updated: April 04, 2002
Not Affected
lbxproxy(1) is not shipped with Mac OS X or Mac OS X Server.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 03, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 04, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 04, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 04, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 04, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 05, 2002 Updated: April 11, 2002
Not Affected
Cray, Inc. will not be affected by VU#188507 because lbxproxy is not included in Unicos or Unicos/mk.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 04, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 04, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 04, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 04, 2002
Not Affected
Fujitsu's UXP/V operating system is not affected because it does not support the Low BandWidth X proxy functionality.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: August 19, 2002
Affected
HP has released patches to correct the buffer overflow in lbxproxy. Since this is not a security issue on HP-UX we do not plan to issue a security bulletin. These patches corrected the lbxproxy overflow: 10.20 PHSS_25293 :Xserver: 11.00 PHSS_26566 :Xserver: 11.11 PHSS_26577 :Xserver: 11.04 PHSS_27542 :VVOS:Xserver:
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 05, 2002
Not Affected
IBM's AIX operating system, versions 4.3.x and 5.1, is not susceptible to this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: June 12, 2002
Not Affected
This issue does not apply to Lotus products.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 04, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 04, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 05, 2002
Not Affected
[Server Products] * EWS/UP 48 Series - are NOT vulnerable, since 48 series OS do not support the "lbxproxy".
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 04, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 04, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 04, 2002
Not Affected
Not exploitable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 04, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 04, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 03, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 04, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 11, 2002
Not Affected
lbxproxy is not sgid root in IRIX, and IRIX doesn't appear to be vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 04, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: August 19, 2002
Affected
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44842
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 04, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 03, 2002 Updated: April 04, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: April 15, 2002 Updated: April 19, 2002
Not Affected
XFree86 doesn't install lbxproxy either set-uid or set-gid, so with a standard XFree86 build/install it isn't possible to exploit this.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.