Patch-ID# 125192-04


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security duplicate entries data retention
Synopsis: Sun Management Centre 3.6.1 PRM: Patch for Solaris 9
Date: Feb/27/2009


Install Requirements: Use Single User Mode (run level S) when installing this patch on an active boot environment. An alternative may be specified in the Special Install Instructions.

Solaris Release: 9

SunOS Release: 5.9

Unbundled Product: Sun Management Center

Unbundled Release: 3.6.1

Xref:

Topic: Sun Management Centre 3.6.1 PRM: Patch for Solaris 9

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
483960415153050
505199215212515
672200115491974
672248515492274
673145715497998


Changes incorporated in this version: 6722485

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch: 123921-02 (or greater)

Obsoleted by:

Files included with this patch:

/opt/SUNWsymon/addons/PRM/sbin/prm-db-common.sh
/opt/SUNWsymon/apps/classes/esprms.jar
/opt/SUNWsymon/web/prm/scripts/prm.js

Problem Description:

6722485 /prm/reports reflected XSS in msg GET parameter
 
(from 125192-03)
 
6731457 accessing PRM web page as a null user with null password, system becomes unusable
 
(from 125192-02)
 
6722001 accessing PRM web page as a null user with null password, system becomes unusable
 
(from 125192-01)
 
5051992 user sees duplicate entries in data availability
4839604 data retention should be configurable


Patch Installation Instructions:
--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' scripts provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.


Special Install Instructions:
-----------------------------
 
NOTE 1:  The user can use es-config -x option to configure the age limit.
         (interactive mode)
 
         The user can use es-config -x -y <filename> option also.
         (from file)
 
         The format of the file should be like below (Case sensitive).
 
         hourly_data_age_limit=<value>
         daily_data_age_limit=<value>
         weekly_data_age_limit=<value>
         monthly_data_age_limit=<value>
 
         The units are as follows:
 
         hourly data ---  days
         daily data  ---  weeks
         weekly data ---  months
         monthly data---  months
 
         All the four entries should be present in the input file.
         In case of any invalid file the program will ask user whether
         he needs to switch into interactive mode.
 
NOTE 2:  Important:
         Changing the age limit will affect the performance of PRM.
         Moreover, the disk space available should be taken into
         account when giving the limits.


README -- Last modified date: Saturday, November 10, 2012