Kit Name: ALPDCE02_014 Kits superseded by this kit: ALPDCE01_014 Kit Description: Version(s) of OpenVMS to which this kit may be applied: OpenVMS Alpha V6.1, V6.1-1H1, V6.1-1H2, V6.2, V6.2-1H2, V6.2-1H3, V7.0, V7.1, V7.1-1H1 In order to receive the full fixes listed in this kit the following remedial kits also need to be installed: None Files patched or replaced: o [SYSEXE]DCE$DCE$ACL_EDIT.EXE (new image) o [SYSEXE]DCE$DCE$ADD_ID.EXE (new image) o [SYSEXE]DCE$DCE$CADUMP.EXE (new image) o [SYSEXE]DCE$CDSADV.EXE (new image) o [SYSEXE]DCE$CDSBROWSER.EXE (new image) o [SYSEXE]DCE$CDSCLERK.EXE (new image) o [SYSEXE]DCE$CDSCP.EXE (new image) o [SYSEXE]DCE$CDSD.EXE (new image) o [SYSEXE]DCE$CHECK.EXE (new image) o [SYSEXE]DCE$CHPASS.EXE (new image) o [SYSEXE]DCE$DCE_LOGIN.EXE (new image) o [SYSEXE]DCE$DTSCP.EXE (new image) o [SYSEXE]DCE$DTSD.EXE (new image) o [SYSHLP.EXAMPLES.DCE.DTSS]DCE$DTS_PROVIDER_GC1000.EXE (new image) Page 2 o [SYSHLP.EXAMPLES.DCE.DTSS]DCE$DTS_PROVIDER_HOPF.EXE (new image) o [SYSHLP.EXAMPLES.DCE.DTSS]DCE$DTS_PROVIDER_NULL.EXE (new image) o [SYSHLP.EXAMPLES.DCE.DTSS]DCE$DTS_PROVIDER_PSTI.EXE (new image) o [SYSHLP.EXAMPLES.DCE.DTSS]DCE$DTS_PROVIDER_SPEC.EXE (new image) o [SYSHLP.EXAMPLES.DCE.DTSS]DCE$DTS_PROVIDER_TRAC.EXE (new image) o [SYSHLP.EXAMPLES.DCE.TOOLS]DCE$ETDEL.EXE (new image) o [SYSHLP.EXAMPLES.DCE.TOOLS]DCE$ETDMP.EXE (new image) o [SYSHLP.EXAMPLES.DCE.TOOLS]DCE$ETFMT.EXE (new image) o [SYSHLP.EXAMPLES.DCE.TOOLS]DCE$ETGET.EXE (new image) o [SYSEXE]DCE$EXPORT.EXE (new image) o [SYSEXE]DCE$GDAD.EXE (new image) o [SYSEXE]DCE$CDSGETCELLS.EXE (new image) o [SYSLIB]DCE$IDL_CXX_SHR.EXE (new image) o [SYSMSG]DCE$IL_MSG.EXE (new image) o [SYSEXE]DCE$IMPORT.EXE (new image) o [SYSEXE]DCE$KDESTROCY.EXE (new image) o [SYSLIB]DCE$KERNEL.EXE (new image) o [SYSEXE]DCE$KINIT.EXE (new image) o [SYSEXE]DCE$KLIST.EXE (new image) o [SYSLIB]DCE$LGI_CALLOUTS.EXE (new image) o [SYSLIB]DCE$LIB_SHR.EXE (new image) o [SYSEXE]DCE$NSEDIT.EXE (new image) o [SYSLIB]DCE$NSEDIT_SHR.EXE (new image) o [SYSEXE]DCE$NSID.EXE (new image) o [SYSEXE]DCE$RGY_EDIT.EXE (new image) o [SYSEXE]DCE$RPCCP.EXE (new image) o [SYSEXE]DCE$RPCD.EXE (new image) o [SYSEXE]DCE$RPCLM.EXE (new image) Page 3 o [SYSEXE]DCE$SECD.EXE (new image) o [SYSEXE]DCE$SEC_ADMIN.EXE (new image) o [SYSEXE]DCE$SEC_CLIENTD.EXE (new image) o [SYSEXE]DCE$SEC_CREATE_DB.EXE (new image) o [SYSEXE]DCE$SEC_SETUP.EXE (new image) o [SYSLIB]DCE$SOCKSHR_DNET_IV.EXE (new image) o [SYSLIB]DCE$SOCKSHR_DNET_OSI.EXE (new image) o [SYSLIB]DCE$SOCKSHR_IP.EXE (new image) o [SYSLIB]DCE$SOCKSHR_TPS.EXE (new image) o [SYSEXE]DCE$SX.EXE (new image) o [SYSUPD]DCE$SEC_TAILOR.EXE (new image) o [SYSEXE]DCE$SEC_UAF.EXE (new image) o [SYSUPD]DCE$UAF_CONVERT.EXE (new image) o [SYSLIB]DCE$UAF_SHR.EXE (new image) o [SYSLIB]DCE$UTIL_SHR.EXE (new image) o [SYSEXE]DCE$UUIDGEN.EXE (new image) o [SYSEXE]DCE$X500_ADDCELL.EXE (new image) o [SYSEXE]DTSS$GRAPH.EXE (new image) o [SYSLIB]DTSS$RUNDOWN.EXE (new image) o [SYSEXE]DTSS$SET_TIMEZONE.EXE (new image) o [SYSLIB]DTSS$SHR.EXE (new image) o [DCE$LIBRARY]DCE_CF.H o [SYSMGR]ANL.COM o [SYSMGR]DCE$SETUP.COM o [SYSMGR ]DCE$SETUP_PATHWAY.COM Page 4 Problems addressed in ALPDCE02_014 kit o The ALPDCE01_014 remedial kit did not install on OpenVMS Alpha hardware versions. The ALPDCE02_014 remedial kit corrects this. Problems addressed in ALPDCE01_014 kit o When the security server is not running, sec_login_refresh_identity() returns an undocumented status code, 336760967. The documentation states that the sec_rgy_server_unavailable status code should be returned. Example programs from OSF and other vendors show the refresh thread testing for the sec_rgy_server_unavailable status to determine if the refresh should be retried o Executing any RPCLM command results in a fault invalid bound message on Alpha systems. $RPCLM String Binding of Server:ncadg_ip_udp:16.32.80.42[2301] RPCLM> inq %CMA-F-EXCCOPLOS, exception raised; some information lost -DCERPC-E-FAULTINVALIDBOU, fault invalid bound (DCE / RPC) o In the directory DCE$SPECIFIC:[KRB5] there are hundreds of versions of KRB5KDC_RCACHE created in it by the DCE$SECD process. These files do get cleaned up during a CLEAN operation but, they are not cleaned up during a start or restart of DCE. o If you do not include prior to including the header will not compile because it uses the datatype FILE*. o Attempting a kinit on an OpenVMS system results in the error below: $ kinit cell_admin $5$dkb0:[sys0.syscommon.][sysexe]dce$kinit.exe;4: Malformed representation of principal when parsing name T@ o When an 'Illegal state transition' occurs, the correct state is not reported. The code clobbered the state before reporting it. A state of 255 is reported and is meaningless because it is the code for No State. Page 5 o Print 4 digit years on output from DCE processes. Allow four digit data inputs from DCE administration functions. Fix leap year calculations for years after 2017. o It has been discovered that OSF/DCE has a potential problem in the security server that could allow for a denial of service attack. If a principal, group, or organization is greater than 1024 characters (including the cell name, so the actual name limit is less than 1024) when passed to security daemon (secd), it will cause secd core dump. The buffer is overrun causing memory corruption. In certain cases, the lookup attempt (or add or whatever) on the client will then rebind to another secd to make the request, eventually crashing all security daemons in the cell. o The new Pathway IP version can cause DCE setup to abort abruptly with error messages. Pathway changes the output of an image that returns the Pathway version. This causes output parsing routines to fail because they search for runtime on the line containing the version. Kit Installation Rating: The following kit installation rating, based upon current CLD information, is provided to serve as a guide as to which customers should apply this remedial kit. (Reference attached Disclaimer of Warranty and Limitation of Liability Statement) INSTALLATION RATING: 2 : To be installed by all customers using the following features": This remedial kit contains many Year 2000 related fixes. Any customer running DCE must install this kit. Installation Instructions: Install this kit with the VMSINSTAL utility by logging into the SYSTEM account, and typing the following at the DCL prompt: @SYS$UPDATE:VMSINSTAL ALPDCE01_015 [location of the saveset] The saveset location may be a tape drive, or a disk directory that contains the kit saveset. No reboot is necessary after successful installation of the kit. However, DCE must be re-started after the kit is installed to complete the installation of the new DCE images. DCE can be restarted with the comand Page 6 @SYS$MANAGER:DCE$SETUP START Copyright (c) Digital Equipment Corporation, 1998 All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. The software contained on this media is proprietary to and embodies the confidential technology of Digital Equipment Corporation. Possession, use, or dissemination of the software and media is authorized only pursuant to a valid written license from Digital Equipment Corporation. DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY THIS PATCH IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED TO THE EXTENT PERMITTED BY APPLICABLE LAW. IN NO EVENT WILL DIGITAL BE LIABLE FOR ANY LOST REVENUE OR PROFIT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, WITH RESPECT TO ANY PATCH MADE AVAILABLE HERE OR TO THE USE OF SUCH PATCH.