Patch-ID# 105124-07 Keywords: security y2000 cm rpc.cmsd date parse denial service attack Synopsis: OpenWindows 3.5.1_x86: Calendar Manager patch Date: Mar/08/2002 Solaris Release: 2.5.1_x86 SunOS Release: 5.5.1_x86 Unbundled Product: OpenWindows Unbundled Release: 3.5.1_x86 Xref: Topic: Relevant Architectures: i386 BugId's fixed with this patch: 1175511 1199013 1265008 4045161 4047146 4048417 4048634 4049725 4052365 4230754 4302183 4353678 Changes incorporated in this version: 4353678 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: 103641-33 or greater Obsoleted by: Files included with this patch: /usr/openwin/bin/ae /usr/openwin/bin/cm_delete /usr/openwin/bin/cm_insert /usr/openwin/bin/cm_lookup /usr/openwin/bin/rpc.cmsd /usr/openwin/bin/cm Problem Description: 4353678 Possible denial of service attack against rpc.cmsd per bug 4124715(reworked) (from 105124-06) 4353678 Possible denial of service attack against rpc.cmsd per bug 4124715 (from 105124-05) 1199013 cm_lookup and friends do *not* parse dates correctly, as man page says (from 105124-04) 4302183 cm_lookup doesn't evaluate the date properly when using -d option (from 105124-03) 4230754 Possible buffer overflows in rpc.cmsd (from 105124-02) 1265008 Solaris 2.x rpc.cmsd vulnerability (from 105124-01) 4047146 Calendar Manager prints date wrongly after year 2000 4049725 cm appointment editor prints 1-digit years in yy/mm/dd format 4052365 cm appointment popup does not display correct date 4048417 Calendar prints year 2000 as 100 1175511 calendar stops to function correctly after February 200 4048634 cm cannot pick a day for appointment editor after 1999 4045161 Calendar year calculations are wrong... Patch Installation Instructions: -------------------------------- Refer to the Install.info file within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below. Special Install Instructions: ----------------------------- None. README -- Last modified date: Friday, March 8, 2002