Patch-ID# 103884-07 Keywords: security account lockup authenticate NIS+ password xsun command Synopsis: CDE 1.0.1: dtlogin patch Date: Dec/18/98 Solaris Release: 2.4 2.5 SunOS Release: 5.4 5.5 Unbundled Product: CDE Unbundled Release: 1.0.1 Relevant Architectures: sparc Xref: This patch available for x86 as patch 103885 BugId's fixed with this patch: 1205631 1253624 1258143 4005735 4067366 4095696 4080371 1249240 4148983 Changes incorporated in this version: 4148983 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/dt/bin/dtlogin /usr/dt/config/dtlogin.rc Problem Description: 4148983 Cannot start command line login (from 103884-06) 1249240 /var/dt and a few subdirs are world writable 4080371 dtlogin tmpfile vulnerability (from 103884-05) 4095696 Xsun -query doesn't work with Solaris 2.5.1 (from 103884-04) 4067366 Core file from dtlogin expose user's unencrypted passwd. (from 103884-03) repacked for patch install problem (from 103884-02) 4005735 CDE 1.1 dtlogin on Solaris 2.4 (and 1.0.x patch) has serious security hole. (from 103884-01) 1205631 Dtlogin failed to detect an expired account. 1253624 Keyboard lockup fix for console logins. 1258143 Authenticate NIS+ passwords longer than 8 characters. Patch Installation Instructions: -------------------------------- Refer to the Install.info file for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below as special instructions. Special Install Instructions: ----------------------------- None.