Yang Jilong

**Name of the Vulnerable Software and Affected Versions** Software Distributor utilities for HP-UX versions B.11.00 through B.11.11 **Description** A buffer overflow issue exists in the Software Distributor utilities for HP-UX, allowing local users to execute arbitrary code. This is achieved by setting a long LANG environment variable when using setuid programs such as `swinstall` and `swmodify`. **Recommendations** For HP-UX versions B.11.00 through B.11.11, consider restricting access to the `swinstall` and `swmodify` programs until a patch is available. As a temporary workaround, avoid using long LANG environment variables with these programs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.