Patch-ID# 104976-08
Keywords: security y2000 cm calendar date parse denial service rpc.cmsd
Synopsis: OpenWindows 3.5.1: Calendar Manager patch
Date: Mar/08/2002

Solaris Release: 2.5.1

SunOS Release: 5.5.1

Unbundled Product: OpenWindows

Unbundled Release: 3.5.1

Xref:

Topic:

Relevant Architectures: sparc

BugId's fixed with this patch: 1175511 1199013 1265008 4045161 4047146 4048417 4048634 4049725 4052365 4230754 4302183 4353678

Changes incorporated in this version: 4353678

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch: 103640-33 or greater

Obsoleted by:

Files included with this patch:

/usr/openwin/bin/ae
/usr/openwin/bin/cm_delete
/usr/openwin/bin/cm_insert
/usr/openwin/bin/cm_lookup
/usr/openwin/bin/rpc.cmsd
/usr/openwin/bin/cm

Problem Description:

4353678 Possible denial of service attack against rpc.cmsd per bug 4124715 (reworked)

(from 104976-07)

4353678 Possible denial of service attack against rpc.cmsd per bug 4124715

(from 104976-06)

1199013 cm_lookup and friends do *not* parse dates correctly, as man page says

(from 104976-05)

4302183 cm_lookup doesn't evaluate the date properly when using -d option

(from 104976-04)

4230754 Possible buffer overflows in rpc.cmsd

(from 104976-03)

1265008 Solaris 2.x rpc.cmsd vulnerability

Incorporated from previous patch revision:

4047146 Calendar Manager prints date wrongly after year 2000
4049725 cm appointment editor prints 1-digit years in yy/mm/dd format
4052365 cm appointment popup does not display correct date
4048417 Calendar prints year 2000 as 100
1175511 Calendar stops to function correctly after February 2000
4048634 cm cannot pick a day for appointment editor after 1999
4045161 Calendar year calculations are wrong...

Patch Installation Instructions:
--------------------------------

Generic 'installpatch' and 'backoutpatch' scripts are provided within
each patch package with instructions appended to this section.
Other specific or unique installation instructions may also be
necessary and should be described below.

Special Install Instructions:
-----------------------------

None.

README -- Last modified date: Friday, March 8, 2002