Patch-ID# 109152-02 Keywords: security svctcp_create core malloc buffer overflow dbm_open dbminit Synopsis: SunOS 5.8: /usr/4lib/libc.so.x.9 and libdbm patch Date: Mar/27/2003 Install Requirements: None Solaris Release: 8 SunOS Release: 5.8 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 114617 Topic: SunOS 5.8: /usr/4lib/libc.so.x.9 and libdbm patch Relevant Architectures: sparc BugId's fixed with this patch: 4128267 4668699 Changes incorporated in this version: 4668699 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/4lib/libc.so.1.9 /usr/4lib/libc.so.2.9 /usr/ucblib/libdbm.a /usr/ucblib/libdbm.so.1 /usr/ucblib/sparcv9/libdbm.so.1 Problem Description: 4668699 buffer overflow in dbm_open and dbminit (except the one in libc) (from 109152-01) 4128267 using the svctcp_create call compiled under 4.1.4 dumps core when running on Solaris 2.6 and up Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- NOTE 1: To get the complete security fix for 4668699 (buffer overflow in dbm_open), one needs to install the LDAP2/libc patch 108993-16 (or newer). README -- Last modified date: Thursday, March 27, 2003