Patch-ID# 103670-10

Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security y2000 year 2000 non-official date denial service rpc.cmsd
Synopsis: CDE 1.0.2: dtcm sdtcm_convert rpc.cmsd patch
Date: Aug/05/2004

Install Requirements: Additional instructions may be listed below

Solaris Release: 2.4 2.5 2.5.1

SunOS Release: 5.4 5.5 5.5.1

Unbundled Product: CDE

Unbundled Release: 1.0.2

Xref: This patch available for x86 as 103717

Topic: CDE 1.0.2: dtcm patch
       NOTE:    Refer to Special Install Instructions section for
                IMPORTANT specific information on this patch.

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #

Changes incorporated in this version: 4641721

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:


Problem Description:

4641721 rpc.cmsd gets out of file descriptors -> unusable
(from 103670-09)
4203585 Possible denial of service attack against rpc.cmsd per bug 4124715
(from 103670-08)
4059776 cde1.3 Non-Official date formats do not exhibit consistent behavior
(from 103670-07)
4230754 Possible buffer overflows in rpc.cmsd
(from 103670-06)
4184188 sdtcm_convert has buffer overflow
(from 103670-05)
4116961 year2000 patch for CDE1.0.2 dtcm is incomplete (and broken)
(from 103670-04)
4056822 Find 'To' date validation non y2000 compliant.
4056819 Cde1.0.2 Recurring yearly appointment is permitted
        on 29/2 (Leap Year).
4072526 Cde1.0.2 dtcm post year 2000 "View"->"go to date"
        fails if year is defaulted to an incorrect date.
(from 103670-03)
1264389 rpc.cmsd security problem.
(from 103670-02)
1264172 CDE 1.0.1 and 1.0.2 sdtcm_convert security
(from 103670-01)
1250240 sdtcm_convert can be used to overwrite files.

Patch Installation Instructions:
Refer to the file for instructions on using the
generic 'installpatch' and 'backoutpatch' scripts provided with
each patch.  Any other special or non-generic installation
instructions should be described below as special instructions.

Special Install Instructions:
You may see the following error message when installing this patch:

    ./installpatch[77]: syntax error at line 18 : `"' unmatched
    mv: cannot access /tmp/resolvedfiles.xxxx

This is due to incorrect formatting in the original pkginfo file
and will not affect proper patch installation.

For Solaris 2.4 only, this patch requires the Kernel Update patch
101945-50 or newer.

README -- Last modified date: Friday, November 9, 2012