Patch-ID# 103671-08 Keywords: security y2000 sdtcm rpc.cmsd year 2000 Non-Official date Synopsis: CDE 1.0.1: dtcm sdtcm_convert rpc.cmsd patch Date: Jun/30/00 Solaris Release: 2.4 2.5 SunOS Release: 5.4 5.5 Unbundled Product: CDE Unbundled Release: 1.0.1 Topic: CDE 1.0.1: dtcm patch NOTE: Refer to Special Install Instructions section for IMPORTANT specific information on this patch. Xref: This patch available for x86 as patch 103718 Relevant Architectures: sparc BugId's fixed with this patch: 1250240 1264172 1264389 4056819 4072526 4056822 4116961 4184188 4230754 4059776 Changes incorporated in this version: 4059776 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/dt/bin/sdtcm_convert /usr/dt/bin/rpc.cmsd /usr/dt/bin/dtcm /usr/dt/lib/nls/msg/C/dtcm.cat /usr/dt/bin/dtcm_lookup /usr/dt/bin/dtcm_insert /usr/dt/bin/dtcm_delete /usr/dt/bin/dtcm_editor Problem Description: 4059776 cde1.3 Non-Official date formats do not exhibit consistent behavior (from 103671-07) 4230754 Possible buffer overflows in rpc.cmsd (from 103671-06) 4184188 sdtcm_convert has buffer overflow (from 103671-05) 4116961 year2000 patch for CDE1.0.2 dtcm is incomplete (and broken) (from 103671-04) 4056822 Find 'To' date validation non y2000 compliant. 4056819 Cde1.0.2 Recurring yearly appointment is permitted on 29/2 (Leap Year). 4072526 Cde1.0.2 dtcm post year 2000 "View"->"go to date" fails if year is defaulted to an incorrect date. (from 103671-03) 1264389 rpc.cmsd security problem. (from 103671-02) 1264172 CDE 1.0.1 and 1.0.2 sdtcm_convert security vulnerability. (from 103671-01) 1250240 sdtcm_convert can be used to overwrite files. Patch Installation Instructions: -------------------------------- Refer to the Install.info file for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below as special instructions. Special Install Instructions: ----------------------------- For Solaris 2.4 only this patch requires the Kernel Update patch 101945-50 or higher.