COMMAND

    rpc.cmsd

SYSTEMS AFFECTED

     SunOS 4.1.4, 4.1.3_U1, 5.3, 5.4, 5.5, 5.5.1

PROBLEM

    The  rpc.cmsd  is  a  small  database  manager for appointment and
    resource-scheduling data. Its  primary client is  Calendar Manager
    in  Openwindows,  and  Calendar  in  CDE.   This vulnerability, if
    exploited, allows attackers to overwrite arbitrary files and  gain
    root access.  Credit for this goes to Marko Laakso.

SOLUTION

     The  following  patches  are  available  in relation to the above
     problem.  OpenWindows:

        SunOS               Patch ID
        -----               --------
        SunOS 5.5.1         104976-03
        SunOS 5.5.1_x86     105124-02
        SunOS 5.5           103251-07
        SunOS 5.5_x86       103273-04
        SunOS 5.4           102030-09
        SunOS 5.4_x86       102031-07
        SunOS 5.3           101513-12
        SunOS 4.1.4         100523-24
        SunOS 4.1.3_U1      100523-24

    CDE:

        CDE version         Patch ID
        -----------         --------
        1.02                103670-04
        1.02_x86            103717-04
        1.01                103671-04
        1.01_x86            103718-04