iPlanet iCal contains a flaw that may allow a remote attacker to gain access to unauthorized privileges. By performing an installation using a GUI, the setup script executes "xhost +" on the system, which removes all access control to the system's X server. It is possible that a remote attacker could connect to the X server and monitor X Window events and gain privileges, resulting in a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, Sun has released a patch to address this vulnerability.