18th Apr 2002 [SBWID-5280]
COMMAND
	Compaq Tru64 libc environment variables overflow leads to local root
SYSTEMS AFFECTED
	 Compaq Tru64 UNIX V4.0F
	 Compaq Tru64 UNIX V5.0
	 Compaq Tru64 UNIX V5.1
	 Compaq Tru64 UNIX V5.1A
PROBLEM
	In Noboru Yoshinaga [[email protected]] SNS Advisory No.51 :
	Libc included with Compaq Tru64 UNIX is vulnerable to a buffer  overflow
	due to a flaw in the handling of  the  environment  variables  LANG  and
	LOCPATH. Local attackers could elevate privileges by using  a  SUID/SGID
	executable file that links to the vulnerable libc.
SOLUTION
	This problem can be eliminated by applying an appropriate patch to  your
	Tru64 UNIX version based on the information in the following URL:
	 
	http://ftp.support.compaq.com/patches/.new/html/SSRT-541.shtml