https://community.hpe.com/t5/operating-system-hp-ux/cde-rpc-cmsd-server-remotely-exploitable-buffer-overflow/m-p/3338436#M190233 Steve,<BR /><BR />To further that thought, that defect was reported in 1999, 11i was released in June of 2000. If we look at the recommended patch for 11.0 (PHSS_19483 - 1999/08/09), we see that the recommended patch is PHSS_30010 - 2003/11/10. If we look at PHSS_30010, we find that it still mentions the PHSS_19483 fix, but if we look at the equivalent 11i patch (PHSS_30011), there is no mention of the PHSS_19483 fix.<BR /><BR />This also leads me to believe that the fix was already rolled into the code.<BR /><BR /><BR />Pete Thu, 22 Jul 2004 05:51:11 GMT Pete Randall 2004-07-22T05:51:11Z https://community.hpe.com/t5/operating-system-hp-ux/cde-rpc-cmsd-server-remotely-exploitable-buffer-overflow/m-p/3338434#M190231 Recent sercurity scan on hpux 11.11 servers detected following Vulnerability<BR /><BR />-----<BR />CDE rpc.cmsd server remotely exploitable buffer overflow (CVE-1999-0696)<BR /><BR />For HP-UX 10.20 and 11.00:<BR /><BR />Apply the appropriate patch for your system, as listed in Hewlett-Packard Security Bulletin HPSBUX9908-102. See References.<BR />--------<BR /><BR />My question is the above reference is only for 10.20 and 11.00 and i couldnt find relevant patches for hpux 11.11 <BR /><BR />Where can i find above security patch for hpux 11.11 ? <BR /><BR />Any suggestion ? Thu, 22 Jul 2004 05:29:51 GMT https://community.hpe.com/t5/operating-system-hp-ux/cde-rpc-cmsd-server-remotely-exploitable-buffer-overflow/m-p/3338434#M190231 Steve Bear_1 2004-07-22T05:29:51Z https://community.hpe.com/t5/operating-system-hp-ux/cde-rpc-cmsd-server-remotely-exploitable-buffer-overflow/m-p/3338435#M190232 Steve,<BR /><BR />The Security Bulletin says <BR /><BR />"PLATFORM: HP-9000 Series 700/800 HP-UX releases 10.2X, 10.30, 11.00."<BR /><BR />I believe the specific exclusion of 11.11 indicates that the fix has been incorporated in the release and the problem does not exist in 11.11.<BR /><BR /><BR />Pete Thu, 22 Jul 2004 05:39:22 GMT https://community.hpe.com/t5/operating-system-hp-ux/cde-rpc-cmsd-server-remotely-exploitable-buffer-overflow/m-p/3338435#M190232 Pete Randall 2004-07-22T05:39:22Z https://community.hpe.com/t5/operating-system-hp-ux/cde-rpc-cmsd-server-remotely-exploitable-buffer-overflow/m-p/3338436#M190233 Steve,<BR /><BR />To further that thought, that defect was reported in 1999, 11i was released in June of 2000. If we look at the recommended patch for 11.0 (PHSS_19483 - 1999/08/09), we see that the recommended patch is PHSS_30010 - 2003/11/10. If we look at PHSS_30010, we find that it still mentions the PHSS_19483 fix, but if we look at the equivalent 11i patch (PHSS_30011), there is no mention of the PHSS_19483 fix.<BR /><BR />This also leads me to believe that the fix was already rolled into the code.<BR /><BR /><BR />Pete Thu, 22 Jul 2004 05:51:11 GMT https://community.hpe.com/t5/operating-system-hp-ux/cde-rpc-cmsd-server-remotely-exploitable-buffer-overflow/m-p/3338436#M190233 Pete Randall 2004-07-22T05:51:11Z https://community.hpe.com/t5/operating-system-hp-ux/cde-rpc-cmsd-server-remotely-exploitable-buffer-overflow/m-p/3338437#M190234 you right Pete, even the patch equivalency table says PHSS_19483 has been fixed in 11.11.<BR /><BR />I'll write back to security guys and find out the reason why they have reported this for 11.11.<BR /><BR />Thanks, <BR /> Thu, 22 Jul 2004 06:11:16 GMT https://community.hpe.com/t5/operating-system-hp-ux/cde-rpc-cmsd-server-remotely-exploitable-buffer-overflow/m-p/3338437#M190234 Steve Bear_1 2004-07-22T06:11:16Z