Patch-ID# 103670-06
Keywords: security y2000 sdtcm calendar overwrite rpc.cmsd year 2000
Synopsis: CDE 1.0.2: dtcm sdtcm_convert rpc.cmsd patch
Date: Dec/03/98

Solaris Release: 2.4 2.5 2.5.1

SunOS Release: 5.4 5.5 5.5.1

Unbundled Product: CDE

Unbundled Release: 1.0.2

Xref: This patch available on CDE 1.0.1 as patch 103671

Relevant Architectures: sparc

BugId's fixed with this patch: 1250240 1264172 1264389 4056819 4072526 4116961 4184188 4056822

Changes incorporated in this version: 4184188

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

    /usr/dt/bin/sdtcm_convert
    /usr/dt/bin/rpc.cmsd
    /usr/dt/bin/dtcm
    /usr/dt/lib/nls/msg/C/dtcm.cat

Problem Description:

4184188 sdtcm_convert has buffer overflow

(from 103670-05)

4116961 year2000 patch for CDE1.0.2 dtcm is incomplete (and broken)

(from 103670-04)

4056822 Find 'To' date validation non y2000 compliant.
4056819 Cde1.0.2 Recurring yearly appointment is permitted on 29/2 (Leap Year).
4072526 Cde1.0.2 dtcm post year 2000 "View"->"go to date" fails if year is defaulted to an incorrect date.

(from 103670-03)

1264389 rpc.cmsd security problem.

(from 103670-02)

1264172 CDE 1.0.1 and 1.0.2 sdtcm_convert security vulnerability.

(from 103670-01)

1250240 sdtcm_convert can be used to overwrite files.

Patch Installation Instructions:
--------------------------------
Refer to the Install.info file for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
Any other special or non-generic installation instructions should be
described below as special instructions.

Special Install Instructions:
-----------------------------
You may see the following error message when installing this patch:

    ./installpatch[77]: syntax error at line 18 : `"' unmatched
    mv: cannot access /tmp/resolvedfiles.xxxx

This is due to incorrect formatting in the original pkginfo file and
will not affect proper patch installation.