Patch-ID# 104500-05 Keywords: security dtappgather libCliSrv suid appmanager Synopsis: CDE 1.0.2_x86: dtappgather patch Date: Jan/27/99 Solaris Release: 2.4_x86 2.5_x86 2.5.1_x86 SunOS Release: 5.4_x86 5.5_x86 2.5.1_x86 Unbundled Product: CDE Unbundled Release: 1.0.2_x86 Relevant Architectures: i386 Xref: This patch available for sparc as patch 104498 BugId's fixed with this patch: 1264177 4097549 4117696 4107453 1249240 Changes incorporated in this version: 1249240 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: 103886-07 Obsoleted by: Files included with this patch: /usr/dt/bin/dtappgather Problem Description: 1249240 /var/dt and a few subdirs are world writable - requires 103886 (from 104500-04) 4107453 CDE susceptible to CA-98.02 (from 104500-03) 4117696 dtappgather has a security hole (from 104500-02) 4097549 dtappgather can be used to view any file on the system. (from 104500-01) 1264177 dtappgather is suid and has a security hole. Patch Installation Instructions: -------------------------------- Refer to the Install.info file for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below as special instructions. Special Install Instructions: ----------------------------- None.