Patch-ID# 107023-11 Keywords: security locales extended service attack rpc.cmsd file descriptors Synopsis: CDE 1.3_x86: Calendar Manager patch Date: Sep/21/2004 Install Requirements: See Special Install Instructions Solaris Release: 7_x86 SunOS Release: 5.7_x86 Unbundled Product: CDE Unbundled Release: 1.3_x86 Xref: This patch available for SPARC as 107022 Topic: Relevant Architectures: i386 BugId's fixed with this patch: 4117156 4175236 4184188 4192354 4203585 4213057 4230754 4236395 4285729 4641721 Changes incorporated in this version: 4641721 4203585 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: 106943-09 or greater 108375-01 or greater Obsoleted by: Files included with this patch: /usr/dt/bin/rpc.cmsd /usr/dt/bin/sdtcm_convert /usr/dt/lib/libcsa.so.0 /usr/dt/share/man/man1/dtcm.1 /usr/dt/bin/dtcm Problem Description: 4203585 Possible denial of service attack against rpc.cmsd per bug 4124715 (reworked) 4641721 rpc.cmsd gets out of file descriptors -> unusable (reworked) (from 107023-10) 4641721 rpc.cmsd gets out of file descriptors -> unusable (from 107023-09) 4203585 Possible denial of service attack against rpc.cmsd per bug 4124715 (from 107023-08) 4285729 all partial locales: /usr/dt/bin/dtcm does not print extended characters (from 107023-07) 4236395 dtcm segv trying to pop-up a reminder (from 107023-06) 4175236 Reminder mail sent from calendar is not internationalized. (from 107023-05) 4213057 Add Tooltip functionality (from 107023-04) 4192354 non-root users outside a domain can't view a calendar on a Solaris (from 107023-03) 4230754 Possible buffer overflows in rpc.cmsd (from 107023-02) 4117156 Users on SunOS 4.1.3 are unable to access calendar located on Solaris 2 (from 107023-01) 4184188 sdtcm_convert has buffer overflow Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7 release, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- See the README for patch 108375 for instructions on enabling Tooltips. Note: For a complete fix for bug: 4285729 all partial locales: /usr/dt/bin/dtcm does not print extended Please also install patch: 111193-01 Cannot print extended characters from dtcm (or newer) README -- Last modified date: Tuesday, September 21, 2004