Patch-ID# 103717-11
Keywords: security y2000 year 2000 date service denial rpc.cmsd descriptors
Synopsis: CDE 1.0.2_x86: dtcm sdtcm_convert rpc.cmsd patch
Date: Aug/05/2004

Install Requirements: Additional instructions may be listed below

Solaris Release: 2.4_x86 2.5.1_x86 2.5_x86

SunOS Release: 5.4_x86 5.5.1_x86 5.5_x86

Unbundled Product: CDE

Unbundled Release: 1.0.2_x86

Xref: This patch available for SPARC as patch 103670

Topic:

Relevant Architectures: i386

BugId's fixed with this patch: 1250240 1264172 1264389 4056819 4056822 4059776 4072526 4116961 4184188 4203585 4230754 4641721

Changes incorporated in this version: 4641721

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/dt/bin/dtcm
/usr/dt/bin/dtcm_delete
/usr/dt/bin/dtcm_editor
/usr/dt/bin/dtcm_insert
/usr/dt/bin/dtcm_lookup
/usr/dt/bin/rpc.cmsd
/usr/dt/lib/nls/msg/C/dtcm.cat
/usr/dt/bin/sdtcm_convert

Problem Description:

4641721 rpc.cmsd gets out of file descriptors -> unusable

(from 103717-10)

4203585 Possible denial of service attack against rpc.cmsd per bug 4124715

(from 103717-09)

4059776 cde1.3 Non-Official date formats do not exhibit consistent behavior.

(from 103717-08)

        Corrected patch packaging issues

(from 103717-07)

4230754 Possible buffer overflows in rpc.cmsd

(from 103717-06)

4184188 sdtcm_convert has buffer overflow

(from 103717-05)

4116961 year2000 patch for CDE1.0.2 dtcm is incomplete (and broken)

(from 103717-04)

4056822 Find 'To' date validation non y2000 compliant.
4056819 Cde1.0.2 Recurring yearly appointment is permitted on 29/2 (Leap Year).
4072526 Cde1.0.2 dtcm post year 2000 "View"->"go to date" fails if year is defaulted to an incorrect date.

(from 103717-03)

1264389 rpc.cmsd security problem.

(from 103717-02)

1264172 CDE 1.0.1 and 1.0.2 sdtcm_convert security vulnerability.

(from 103717-01)

1250240 sdtcm_convert can be used to overwrite files.

Patch Installation Instructions:
--------------------------------

Refer to the Install.info file for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
Any other special or non-generic installation instructions should be
described below as special instructions.

Special Install Instructions:
-----------------------------

For Solaris 2.4 only this patch requires the Kernel Update patch
101946-50 or higher.

README -- Last modified date: Thursday, August 5, 2004