Patch-ID# 104500-05
Download this patch from My Oracle Support
|
Your use of the firmware, software and any other materials contained
in this update is subject to My Oracle Support Terms of Use, which
may be viewed at My Oracle Support.
|
|
For further information on patching best practices and resources, please
see the following links:
|
|
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
|
Keywords: security dtappgather libclisrv suid appmanager
Synopsis: CDE 1.0.2_x86: dtappgather patch
Date: Jan/27/1999
Install Requirements: NA
Solaris Release: 2.4_x86 2.5.1_x86 2.5_x86
SunOS Release: 5.4_x86 5.5.1_x86 5.5_x86
Unbundled Product: CDE
Unbundled Release: 1.0.2_x86
Xref: This patch available for sparc as patch 104498
Topic:
Relevant Architectures: i386
Bugs fixed with this patch:
Changes incorporated in this version: 1249240
Patches accumulated and obsoleted by this patch:
Patches which conflict with this patch:
Patches required with this patch: 103886-07 (or greater)
Obsoleted by:
Files included with this patch:
/usr/dt/bin/dtappgather
Problem Description:
1249240 /var/dt and a few subdirs are world writable - requires 103886
(from 104500-04)
4107453 CDE susceptible to CA-98.02
(from 104500-03)
4117696 dtappgather has a security hole
(from 104500-02)
4097549 dtappgather can be used to view any file on the system.
(from 104500-01)
1264177 dtappgather is suid and has a security hole.
Patch Installation Instructions:
--------------------------------
Refer to the Install.info file for instructions on using the
generic ''installpatch'' and ''backoutpatch'' scripts provided with
each patch. Any other special or non-generic installation
instructions should be described below as special instructions.
Special Install Instructions:
-----------------------------
None.
README -- Last modified date: Friday, November 9, 2012