Patch-ID# 106813-02 Keywords: security tooltalk TT_SESSION buffer overflow dtlogin hang rev 1.2.1 Synopsis: Trusted Solaris 2.5.1: ToolTalk patch Date: Apr/13/2001 Solaris Release: Trusted_Solaris_2.5.1 SunOS Release: Unbundled Product: Unbundled Release: Xref: Topic: Relevant Architectures: sparc BugId's fixed with this patch: 4402725 4402790 4402859 Changes incorporated in this version: 4174078 4402859 4402725 4402790 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/openwin/bin/rpc.ttdbserverd /usr/openwin/bin/tt_type_comp /usr/openwin/bin/ttce2xdr /usr/openwin/bin/ttcp /usr/openwin/bin/ttdbck /usr/openwin/bin/ttmv /usr/openwin/bin/ttrm /usr/openwin/bin/ttrmdir /usr/openwin/bin/ttsession /usr/openwin/bin/ttsnoop /usr/openwin/bin/tttar /usr/openwin/bin/tttrace /usr/openwin/lib/libtt.so.2 Problem Description: (for 106813-02) 4402725 tooltalk apps vulnerable to attack through TT_SESSION env variable 4402790 tooltalk display problem between tooltalk revs 1.2.1 and 1.3 4402859 CDE dtlogin hangs sometimes due to a ttsession hang (from 106813-01) 4174078: rcp.ttdbserverd has buffer overflow problems Patch Installation Instructions: -------------------------------- Refer to the Install.info file for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below as special instructions. Special Install Instructions: ----------------------------- Note: The steps below assume the patch tarfile has been placed into the ADMIN_LOW subdirectory of /tmp (/tmp is an MLD), owned by admin and the patch tarfile label is configured to ADMIN_LOW. Keep in mind, after rebooting, contents in /tmp directory are removed; if saving the patch tarfile is desired, select another MLD such as /var/tmp. 1) Login as a user authorized to assume the admin and root roles. Assume the admin role. 2) Create a subdirectory for the patch and move the patch tar file into it. # cd /tmp # mkdir # mv 123456-01.tar.Z ./ # cd is the directory containing the patch itself. 3) Uncompress the patch tarfile by typing: # uncompress 123456-01.tar.Z 4) Extract the patch by typing: # tar xvf 123456-01.tar 5) cd into the patch directory: # cd 123456-01 # pwd /tmp/patch-dir/123456-01 The tar file 123456-01.tar in this directory requires the "T" flag for tar file extraction in order to preserve its file security attributes. Failure to use this option will cause the patch installation to terminate. 6) Extract the patch by typing: # tar xvTf 123456-01.tar 7) Assume the root role, cd into the directory where the patch resides. # cd /tmp//123456-01 8) Install the patch by typing: installpatch where is the directory containing installpatch, and is the directory containing the patch itself. # pwd /tmp//123456-01 # ./installpatch . Patch changes will take effect on next reboot. Special Backout Instructions: ---------------------------- 1) Login as a user authorized to assume the root role, assume root role. 2) Change directory to /var/sadm/patch # cd /var/sadm/patch 3) Backout patch by typing: /backoutpatch where is the patch number. # 123456-01/backoutpatch 123456-01 Restored system changes will take effect on next reboot. README -- Last modified date: Friday, April 13, 2001