Patch-ID# 103670-10
Keywords: security y2000 year 2000 non-official date denial service rpc.cmsd
Synopsis: CDE 1.0.2: dtcm sdtcm_convert rpc.cmsd patch
Date: Aug/05/2004

Install Requirements: Additional instructions may be listed below

Solaris Release: 2.4 2.5 2.5.1

SunOS Release: 5.4 5.5 5.5.1

Unbundled Product: CDE

Unbundled Release: 1.0.2

Xref: This patch available for x86 as 103717

Topic: CDE 1.0.2: dtcm patch

NOTE: Refer to Special Install Instructions section for IMPORTANT specific information on this patch.

Relevant Architectures: sparc

BugId's fixed with this patch: 1250240 1264172 1264389 4056819 4056822 4059776 4072526 4116961 4184188 4203585 4230754 4641721

Changes incorporated in this version: 4641721

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/dt/bin/dtcm
/usr/dt/bin/dtcm_delete
/usr/dt/bin/dtcm_editor
/usr/dt/bin/dtcm_insert
/usr/dt/bin/dtcm_lookup
/usr/dt/bin/rpc.cmsd
/usr/dt/lib/nls/msg/C/dtcm.cat
/usr/dt/bin/sdtcm_convert

Problem Description:

4641721 rpc.cmsd gets out of file descriptors -> unusable

(from 103670-09)

4203585 Possible denial of service attack against rpc.cmsd per bug 4124715

(from 103670-08)

4059776 cde1.3 Non-Official date formats do not exhibit consistent behavior

(from 103670-07)

4230754 Possible buffer overflows in rpc.cmsd

(from 103670-06)

4184188 sdtcm_convert has buffer overflow

(from 103670-05)

4116961 year2000 patch for CDE1.0.2 dtcm is incomplete (and broken)

(from 103670-04)

4056822 Find 'To' date validation non y2000 compliant.
4056819 Cde1.0.2 Recurring yearly appointment is permitted on 29/2 (Leap Year).
4072526 Cde1.0.2 dtcm post year 2000 "View"->"go to date" fails if year is defaulted to an incorrect date.

(from 103670-03)

1264389 rpc.cmsd security problem.

(from 103670-02)

1264172 CDE 1.0.1 and 1.0.2 sdtcm_convert security vulnerability.

(from 103670-01)

1250240 sdtcm_convert can be used to overwrite files.

Patch Installation Instructions:
--------------------------------
Refer to the Install.info file for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below as special instructions.

Special Install Instructions:
-----------------------------
You may see the following error message when installing this patch:

    ./installpatch[77]: syntax error at line 18 : `"' unmatched
    mv: cannot access /tmp/resolvedfiles.xxxx

This is due to incorrect formatting in the original pkginfo file and will not affect proper patch installation.

For Solaris 2.4 only this patch requires the Kernel Update patch 101945-50 or newer.

README -- Last modified date: Thursday, August 5, 2004