Patch-ID# 100626-10
Keywords: security tooltalk patch
Synopsis: OpenWindows 3.0: Tooltalk patch
Date: Dec/24/99

Solaris Release: 1.0 1.0.1 1.1 1.1.1A 1.1.2

SunOS Release: 4.1.1 4.1.2 4.1.3 4.1.3_U1A 4.1.4

Unbundled Product: OpenWindows

Unbundled Release: 3.0

Topic: ToolTalk patch

BugId's fixed with this patch: 1085317 1074150 1074612 1066949 1071723
        1070440 1068765 1071035 1072772 1081742 1077513 1082628 1084299
        1093746 1095103 1094598 1129057 1140652 1138827 1146783 4164808
        4260867

Changes incorporated in this version: 4260867

Relevant Architectures: sparc

Patches which conflict with this patch:

Obsoleted by:

Files included with this patch:

27975   3 ./sun4/bin/install_tt
13106 240 ./sun4/bin/tt_type_comp
23107  32 ./sun4/bin/ttcp
52831 304 ./sun4/bin/ttdbck
25928  32 ./sun4/bin/ttmv
25451  32 ./sun4/bin/ttrm
25451  32 ./sun4/bin/ttrmdir
05784 192 ./sun4/bin/ttsession
12291  72 ./sun4/bin/tttar
43661 488 ./sun4/bin/rpc.ttdbserverd
52544   1 ./sun4/man/man1/install_tt.1
23011   3 ./sun4/man/man1/tt_type_comp.1
48976   2 ./sun4/man/man1/ttcp.1
20523   2 ./sun4/man/man1/ttmv.1
26392   2 ./sun4/man/man1/ttrm.1
37358   1 ./sun4/man/man1/ttrmdir.1
60096   4 ./sun4/man/man1/ttsession.1
64955   6 ./sun4/man/man1/tttar.1
16719  11 ./sun4/man/man3/ttapi.3
10119   2 ./sun4/man/man8/rpc.ttdbserverd.8
63807   5 ./sun4/man/man8/ttdbck.8
10119   2 ./sun4/man/man8/ttdbserverd.8
12337   6 ./sun4/lib/locale/C/LC_MESSAGES/Sun_ToolTalk.mo
49606 786 ./sun4/lib/libtt.a
52793 544 ./sun4/lib/libtt.so.1.1
28364  32 ./sun4/lib/libttstub.so.1.1
35048  19 ./sun4/include/desktop/tt_c.h
39212   2 ./sun4/include/desktop/ttdnd.h

Problem Description:

See bugid list

4260867 tooltalk apps vulnerable to attack through TT_SESSION env. variab
4164808 rpc.ttdbserver has buffer overflow problems
1129057 patch 100626-04 core dumps
1085317 session-scoped patterns with no op fail
1074150 ttdbck doesn't open existing DB files and/or dumps core
1074612 crash in tt_message_send on file-scoped queued msg.
1066949 ttdbck -k -x -F dumps core
1071723 Crash in tt_file_join("/usr/include/stdio.h") on victoria
1070440 core dump in tt_file_join during otype test
1068765 dbserver incorrectly resolves pathnames when exported symlinks are used
1071035 ToolTalk clients should not have to link with libX
1072772 File scope messages should not require X authority
1081742 auto-started clients that exit after handling cause problems
1077513 If a request is observed by its own sender, he won't be told when it fails.
1082628 Can't add ptype to classing engine DB when messages are start and queue
1084299 auto-starting caused by notices fails
1093746 File scoped messages do not work across multiple ttsessions.
1095103 TT_BOTH patterns never match any message
1094598 Attempting to open multiple session in ToolTalk returns TT_ERR_SESSION.
1138827 tt_open() attempts to do a host lookup on an invalid IP address.
1140652 TT_FILE-scoped request can fail if >2 sessions join the file.
1146783 ttsession leaks file descriptors using file scope and transient sessions.

Patch Installation Instructions:
--------------------------------

INSTALL: as root

 1 - Exit OpenWindows
 2 - su to root
 3 - cd to $OPENWINHOME/lib
 4 - get patch from current libtt.so.1.1 by typing
         nm libtt.so.1.1 | grep -i patch_id
 5 - if patch id exists
         mv libtt.so.1.1 libtt.so.1.1.patch_id_123456_89
     where patch_id_123456_89 is recorded from step #4
     else
         mv libtt.so.1.1 libtt.so.1.1.fcs
 6 - cp /sun4/lib/libtt.so.1.1 libtt.so.1.1
     where is the directory containing the new patch.
 7 - repeat steps 5 and 6 for
         libtt.a
         libttstub.so.1.1
 8 - update the static library using ranlib
         ranlib -t libtt.a
 9 - cd to $OPENWINHOME/include/dsktop
10 - if patch id exists
         mv tt_c.h tt_c.h.patch_id_123456_89
     where patch_id_123456_89 is recorded from step #4
     else
         mv tt_c.h tt_c.h.fcs
11 - cp /sun4/include/desktop/tt_c.h tt_c.h
12 - repeat steps 10 and 11 for
         ttdnd.h
13 - cd to $OPENWINHOME/bin
14 - if patch id exists
         mv rpc.ttdbserverd rpc.ttdbserverd.patch_id_123456_89
     where patch_id_123456_89 is recorded from step #4
     else
         mv rpc.ttdbserverd.fsc rpc.ttdbserverd
15 - cp /sun4/bin/rpc.ttdbserverd rpc.ttdbserverd
16 - repeat steps 14 and 15 for
         ttcp
         tt_type_comp
         ttdbck
         ttmv
         ttrm
         ttrmdir
         ttsession
         tttar
         install_tt
17 - cd to $OPENWINHOME/man/man1
18 - if patch id exists
         mv ttcp.1 ttcp.1.patch_id_123456_89
     where patch_id_123456_89 is recorded from step #4
     else
         mv ttcp.1 ttcp.1.fcs
19 - cp /sun4/man/man1/ttcp.1 ttcp.1
20 - repeat steps 18 and 19 for
         man1/tt_type_comp.1
         man1/ttmv.1
         man1/ttrm.1
         man1/ttrmdir.1
         man1/ttsession.1
         man1/tttar.1
         man1/install_tt.1
21 - cd to $OPENWINHOME/man/man3
22 - if patch id exists
         mv ttapi.3 ttapi.3.patch_id_123456_89
     where patch_id_123456_89 is recorded from step #4
     else
         mv ttapi.3 ttapi.3.fcs
23 - cp /sun4/man/man3/ttapi.3 ttapi.3
24 - cd to $OPENWINHOME/man/man8
25 - if patch id exists
         mv ttdbserverd.8 ttdbserverd.8.patch_id_123456_89
     where patch_id_123456_89 is recorded from step #4
     else
         mv ttdbserverd.8 ttdbserverd.8.fcs
26 - cp /sun4/man/man8/ttdbserverd.8 ttdbserverd.8
27 - repeat steps 25 and 26 for
         man8/rpc.ttdbserverd.8
         man8/ttdbck.8
28 - cd $OPENWINHOME/lib/locale/C/LC_MESSAGES/
29 - if patch id exists
         mv Sun_ToolTalk.mo Sun_ToolTalk.mo.patch_id_123456_89
     where patch_id_123456_89 is recorded from step #4
     else
         mv Sun_ToolTalk.mo Sun_ToolTalk.mo.fcs
30 - cp /sun4/lib/locale/C/LC_MESSAGES/Sun_ToolTalk.mo Sun_ToolTalk.mo

Special Install Instructions:
-----------------------------

None.
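
Added example (not part of the original patch README): the back-up-then-replace pattern that steps 4 through 30 repeat for each file, written as two shell functions. PATCHDIR, the function names and the exact form of the nm symbol line are assumptions; the README only states that a patch_id string is grepped out of the nm output.

```shell
#!/bin/sh
# Added example, not Sun's installer. PATCHDIR (the directory the patch was
# unpacked into) and both function names are assumed for illustration.

# backup_suffix: read `nm libtt.so.1.1` output on stdin (step 4) and print
# the patch id string if one is present, otherwise "fcs" (unpatched file).
backup_suffix() {
    id=$(sed -n 's/.*\([Pp][Aa][Tt][Cc][Hh]_[Ii][Dd]_[0-9_]*\).*/\1/p' |
         head -n 1)
    if [ -n "$id" ]; then echo "$id"; else echo "fcs"; fi
}

# replace_file DESTDIR SRCFILE SUFFIX
# Rename DESTDIR/<name> to <name>.SUFFIX (steps 5, 10, 14, ...), then copy
# the patched file into place (steps 6, 11, 15, ...).
# Returns 1 if the patch file is missing, and 2 without changing anything if
# the backup name is already taken, so a second run cannot overwrite the
# only rollback copy of the previous version.
replace_file() {
    destdir=$1; src=$2; suffix=$3
    name=$(basename "$src")
    [ -f "$src" ] || { echo "missing patch file: $src" >&2; return 1; }
    if [ -f "$destdir/$name" ]; then
        if [ -e "$destdir/$name.$suffix" ]; then
            echo "backup exists, not touching: $destdir/$name.$suffix" >&2
            return 2
        fi
        mv "$destdir/$name" "$destdir/$name.$suffix" || return 1
    fi
    cp -p "$src" "$destdir/$name"
}

# Usage for steps 3-8, run as root from $OPENWINHOME/lib. The suffix is
# computed once, before libtt.so.1.1 itself is renamed:
#   suffix=$(nm libtt.so.1.1 | backup_suffix)
#   for f in libtt.so.1.1 libtt.a libttstub.so.1.1; do
#       replace_file . "$PATCHDIR/sun4/lib/$f" "$suffix" || exit 1
#   done
#   ranlib -t libtt.a
```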