Patch-ID# 101495-04
Keywords: security address lookup host rpc gethostbyn gethostbya tt_open
Synopsis: OpenWindows 3.3: ToolTalk patch
Date: Dec/24/99

Solaris Release: 2.3

SunOS Release: 5.3

Unbundled Product: OpenWindows

Unbundled Release: 3.3

Relevant Architectures: sparc

BugId's fixed with this patch: 1138827 4164808 4260867

Changes incorporated in this version: 4260867

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/openwin/bin/rpc.ttdbserverd
/usr/openwin/bin/tt_type_comp
/usr/openwin/bin/ttce2xdr
/usr/openwin/bin/ttcp
/usr/openwin/bin/ttdbck
/usr/openwin/bin/ttmv
/usr/openwin/bin/ttrm
/usr/openwin/bin/ttrmdir
/usr/openwin/bin/ttsession
/usr/openwin/bin/tttar
/usr/openwin/lib/libtt.so.1
/usr/openwin/lib/libtt.a

Problem Description:

4260867 tooltalk apps vulnerable to attack through TT_SESSION env. variab

(from 101495-03)

4164808 rpc.ttdbserver has buffer overflow problems

(from 101495-02)

        patch packaging corrections

(from 101495-01)

1138827 tt_open attempts to do a host lookup on an invalid IP address

Patch Installation Instructions:
--------------------------------
Generic 'installpatch' and 'backoutpatch' scripts are provided within
each patch package with instructions appended to this section. Other
specific or unique installation instructions may also be necessary and
should be described below.

Special Install Instructions:
-----------------------------
None.