TECHNICAL INFORMATION DOCUMENT

TITLE: TF2164 - Mktime(3C) and syslog(3) Libc
DATE: 05OCT95
README FOR: TF2164
PRODUCT and VERSION: UnixWare 2.01

Installation Instructions:

DATATYPE: datastream

1. Download the tf2164.Z and tf2164.txt files to the /tmp directory on
   your machine.

2. Read the release notes contained in this file and follow the
   instructions to add the package to your system.

3. Now become root, uncompress the file and add the package to your
   system using the following commands:

   $ su
   # uncompress /tmp/tf2164.Z
   # pkgadd -d /tmp/tf2164

ENGINEERING RELEASE NOTES
-------------------------

Title
-----
PTF2164 - Mktime(3C) and syslog(3) Libc Patch

Product And Version
-------------------
UnixWare 2.01 and UnixWare 2.02

Abstract
--------
Corrected problems found with mktime(3C) and syslog(3) libc functions.

Symptom
--------
Julian dates are not converted properly by mktime().

The syslog() function fails to verify that the user data length does not
exceed the length of internal buffers used, thereby allowing local and
remote users to possibly obtain root access.

SOLUTION SPECIFICS
------------------

General Description.
-------------------
The function mktime(3C) now converts a Julian date correctly.

The function syslog(3) now verifies that the user data supplied does not
exceed the length of internal buffers used, and therefore closes the
security hole allowing local and remote users to obtain root access.

New Features.
------------
None.

Software Notes and Recommendations.
----------------------------------
This PTF can ONLY be installed on UnixWare 2.01 and 2.02 systems.

NOTE: If this PTF is installed on UnixWare 2.01 and UnixWare Update 2.02
is installed at some future date, this PTF must be re-installed after
UnixWare Update 2.02 is successfully installed.

If any of the following packages are installed, they are updated
accordingly:

1) Enhanced Application Compatibility (acp)
2) BSD Compatibility (bsdcompat)
3) Optimizing C Compilation System (ccs)

Testing of the modified software contained in this package has been
conducted only to the extent necessary to confirm that it resolves the
problem(s) stated above ("Symptom"). Such testing consists of recreating
the problem conditions and verifying that the problem no longer occurs.
No other testing of this software has been done.

Hardware Notes and Recommendations.
----------------------------------
This PTF is targeted for the i386, i486 and Pentium CPUs.

Installation Instructions.
-------------------------
If this PTF is installed on UnixWare 2.01 and UnixWare Update 2.02 is
installed at some future date, this PTF must be re-installed after
UnixWare Update 2.02 is successfully installed.
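
The kind of length check described under "General Description", as an
added example that is not the patched libc source: caller-supplied data
is formatted into a fixed internal buffer with a bounded call, and
truncation is reported instead of writing past the end. The names
bounded_log_format and LOG_BUF_SIZE and the 64-byte size are assumptions
made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 64   /* assumed size; the page does not state the real one */

/* Hypothetical helper: format "tag: message" into a fixed internal buffer.
 * Returns 0 if everything fit, 1 if the output was truncated, -1 on error.
 * The buffer is NUL-terminated and never written past buflen. */
int bounded_log_format(char *buf, size_t buflen, const char *tag,
                       const char *fmt, ...)
{
    va_list ap;
    int n, m;
    size_t used;

    if (buf == NULL || buflen == 0 || tag == NULL || fmt == NULL)
        return -1;
    buf[0] = '\0';

    n = snprintf(buf, buflen, "%s: ", tag);
    if (n < 0)
        return -1;
    if ((size_t)n >= buflen)
        return 1;                       /* the tag alone filled the buffer */
    used = (size_t)n;

    va_start(ap, fmt);
    m = vsnprintf(buf + used, buflen - used, fmt, ap);
    va_end(ap);
    if (m < 0) { buf[used] = '\0'; return -1; }

    /* vsnprintf returns the length it wanted; compare with the space left. */
    return ((size_t)m >= buflen - used) ? 1 : 0;
}

/* Constructed sample input: user data four times larger than the buffer. */
int demo_truncated(void)
{
    char buf[LOG_BUF_SIZE], big[4 * LOG_BUF_SIZE];
    int rc;

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    rc = bounded_log_format(buf, sizeof buf, "demo", "%s", big);
    return rc == 1 && strlen(buf) == LOG_BUF_SIZE - 1;
}

int main(void) { printf("truncation detected: %d\n", demo_truncated()); return 0; }
```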