Patch-ID# 103670-07

Keywords: security y2000 sdtcm calendar overwrite rpc.cmsd year 2000
Synopsis: CDE 1.0.2: dtcm sdtcm_convert rpc.cmsd patch
Date: Aug/02/99

Solaris Release: 2.4 2.5 2.5.1

SunOS Release: 5.4 5.5 5.5.1

Unbundled Product: CDE

Unbundled Release: 1.0.2

Xref: This patch available on CDE 1.0.1 as patch 103671

Relevant Architectures: sparc

BugId's fixed with this patch: 1250240 1264172 1264389 4056819 4072526 4116961 4184188 4056822 4230754

Changes incorporated in this version: 4230754

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/usr/dt/bin/sdtcm_convert
/usr/dt/bin/rpc.cmsd
/usr/dt/bin/dtcm
/usr/dt/lib/nls/msg/C/dtcm.cat

Problem Description:

4230754 Possible buffer overflows in rpc.cmsd

(from 103670-06)

4184188 sdtcm_convert has buffer overflow

(from 103670-05)

4116961 year2000 patch for CDE1.0.2 dtcm is incomplete (and broken)

(from 103670-04)

4056822 Find 'To' date validation non y2000 compliant.
4056819 Cde1.0.2 Recurring yearly appointment is permitted on 29/2 (Leap Year).
4072526 Cde1.0.2 dtcm post year 2000 "View"->"go to date" fails if year is defaulted to an incorrect date.

(from 103670-03)

1264389 rpc.cmsd security problem.

(from 103670-02)

1264172 CDE 1.0.1 and 1.0.2 sdtcm_convert security vulnerability.

(from 103670-01)

1250240 sdtcm_convert can be used to overwrite files.

Patch Installation Instructions:
--------------------------------
Refer to the Install.info file for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
Any other special or non-generic installation instructions should be
described below as special instructions.

Special Install Instructions:
-----------------------------
You may see the following error message when installing this patch:

    ./installpatch[77]: syntax error at line 18 : `"' unmatched
    mv: cannot access /tmp/resolvedfiles.xxxx

This is due to incorrect formatting in the original pkginfo file and
will not affect proper patch installation.

For Solaris 2.4 only this patch requires the Kernel Update patch
101945-50 or higher.