HPUX Security Bulletin HPSBUX0103-146 - How Bad ?

["Boyce, Nick" <nick.boyce () EDS COM>]

Usual question - anyone know how bad this one is ?  The words "buffer
overflow" scare me :-)

===================< cut >===================
[...]
Digest Name:  daily security bulletins digest
    Created:  Mon Mar 19  3:00:03 PST 2001

Document ID      Title
---------------  -----------
HPSBUX0103-146   Sec. Vulnerability in crontab(1)

The documents are listed below.
----------------------------------------------------------------------------
---


Document ID:  HPSBUX0103-146
Date Loaded:  20010318
      Title:  Sec. Vulnerability in crontab(1)

----------------------------------------------------------------------
   HEWLETT-PACKARD COMPANY SECURITY BULLETIN: #0146, 19 Mar. '01
----------------------------------------------------------------------
    The information in the following Security Bulletin should be
    acted upon as soon as possible.  Hewlett-Packard Company will
    not be liable for any consequences to any customer resulting
    from customer's failure to fully implement instructions in
    this Security Bulletin as soon as possible.
----------------------------------------------------------------------
ISSUE:  crontab(1) contains a buffer overflow.

PLATFORM:  HP9000 Series 700 and 800 running HP-UX releases 11.00,
           11.04, 10.20, 10.24, 10.10, and 10.01.

POSSIBLE RESULT: Users could compromise system availability.

SOLUTION: Apply patches for HP-UX releases as follows:
                 for 11.00:           PHCO_22767,
                     11.04:           PHCO_23429,
                     10.20:           PHCO_22768,
                     10.24:           PHCO_23455,
                     10.10:           PHCO_22769,
                     10.01:           PHCO_22770.
[snip]
===================< cut >===================

(I'll forward the whole thing if people want to see it)

> Nick Boyce
> EDS Healthcare, Bristol, UK