Davide Del Vecchio

**Name of the Vulnerable Software and Affected Versions** Symantec FireWall/VPN Appliance model 200 **Description** The issue concerns the storage of a cleartext password for the password administration page. This password may be cached on the administrator's local system or in a proxy, allowing attackers to steal the password and gain privileges. **Recommendations** For Symantec FireWall/VPN Appliance model 200, consider changing the password administration page to use a secure method of storing passwords, and clear any cached credentials on the administrator's local system and in proxies to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** HP-UX versions B.10.20 through B.11.04 **Description** A buffer overflow issue exists in the rexec function on HP-UX. This issue may allow local users to gain privileges when the function is setuid root, by providing a long -l option. **Recommendations** For HP-UX versions B.10.20 through B.11.04, consider restricting the use of the rexec function when setuid root to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HP-UX version 11.00 **Description** A buffer overflow issue in the dtprintinfo function allows local users to gain root privileges by setting a long DISPLAY environment variable. **Recommendations** For HP-UX version 11.00, update the system to prevent exploitation of this issue. As a temporary workaround, consider restricting the length of the DISPLAY environment variable to prevent buffer overflow.