Patch-ID# 103717-11


Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security y2000 year 2000 date service denial rpc.cmsd descriptors
Synopsis: CDE 1.0.2_x86: dtcm sdtcm_convert rpc.cmsd patch
Date: Aug/05/2004


Install Requirements: Additional instructions may be listed below

Solaris Release: 2.4_x86 2.5.1_x86 2.5_x86

SunOS Release: 5.4_x86 5.5.1_x86 5.5_x86

Unbundled Product: CDE

Unbundled Release: 1.0.2_x86

Xref: This patch available for SPARC as patch 103670

Topic:

Relevant Architectures: i386

Bugs fixed with this patch:

Sun CR #    Bug #
1250240     14915572
1264172     14921476
1264389     14921620
4056819     14940992
4056822     14940994
4059776     14941903
4072526     14944901
4116961     14956540
4184188     14974211
4203585     14978952
4230754     14986340
4641721     15097863


Changes incorporated in this version: 4641721

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/dt/bin/dtcm
/usr/dt/bin/dtcm_delete
/usr/dt/bin/dtcm_editor
/usr/dt/bin/dtcm_insert
/usr/dt/bin/dtcm_lookup
/usr/dt/bin/rpc.cmsd
/usr/dt/lib/nls/msg/C/dtcm.cat
/usr/dt/bin/sdtcm_convert

Problem Description:

4641721 rpc.cmsd gets out of file descriptors -> unusable
 
(from 103717-10)
4203585 Possible denial of service attack against rpc.cmsd per bug 4124715
 
(from 103717-09)
4059776 cde1.3 Non-Official date formats do not exhibit consistent behavior.
 
(from 103717-08)
Corrected patch packaging issues
 
(from 103717-07)
4230754 Possible buffer overflows in rpc.cmsd
 
(from 103717-06)
4184188 sdtcm_convert has buffer overflow
 
(from 103717-05)
4116961 year2000 patch for CDE1.0.2 dtcm is incomplete (and broken)
 
(from 103717-04)
4056822 Find 'To' date validation non y2000 compliant.      
4056819 Cde1.0.2 Recurring yearly appointment is permitted
	  on 29/2 (Leap Year).
4072526 Cde1.0.2 dtcm post year 2000 "View"->"go to date"
	  fails if year is defaulted to an incorrect date.
 
(from 103717-03)
1264389 rpc.cmsd security problem.
 
(from 103717-02)
1264172 CDE 1.0.1 and 1.0.2 sdtcm_convert security
	  vulnerability.
 
(from 103717-01)
1250240 sdtcm_convert can be used to overwrite files.


Patch Installation Instructions:
-------------------------------- 
Refer to the Install.info file for instructions on using the
generic 'installpatch' and 'backoutpatch' scripts provided with
each patch.  Any other special or non-generic installation
instructions should be described below as special instructions.


Special Install Instructions:
----------------------------- 
 
For Solaris 2.4 only this patch requires the Kernel Update patch
101946-50 or higher.


README -- Last modified date: Friday, November 9, 2012