Hewlett Packard · HP-UX · CVE-2003-0333
Name of the Vulnerable Software and Affected Versions:
C-Kermit versions 6.0.192 and earlier
Description:
Multiple buffer overflows in the kermit software on HP-UX versions 10.20 and 11.00 can be exploited by local users to gain privileges. The overflows are triggered by providing long arguments to certain functions, including `ask`, `askq`, `define`, `assign`, and `getc`. Some of these functions may share the same underlying function, `doask`.
Recommendations:
For C-Kermit versions 6.0.192 and earlier, consider updating to version 8.0 or later to resolve the issue. As a temporary workaround, restrict use of the `ask`, `askq`, `define`, `assign`, and `getc` functions to minimize the risk of exploitation. Additionally, be cautious about the arguments passed to these functions, so that long input does not trigger the buffer overflow.