Bugtraq mailing list archives
Re: ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability (fwd)
From: Florian Weimer <Weimer () CERT Uni-Stuttgart DE>
Date: Tue, 26 Nov 2002 16:00:10 +0100
Dave Ahmad <da () securityfocus com> quotes ISS:
> Solaris fs.auto Remote Compromise Vulnerability
This is more or less the standard font server of the X Window System.
> ISS X-Force has discovered a vulnerability in the Sun Microsystems implementation of the "X Window Font Service", or "XFS".
It appears as if this issue has already been addressed by Keith Packard in 1999:
http://cvsweb.xfree86.org/cvsweb/xc/programs/xfs/difs/dispatch.c.diff?r1=3.6&r2=3.7
This patch has been part of XFree86 since version 3.3.6 at least. X.Org releases beginning with X11 R6.5.1 have applied this patch as well.
More recently, a null pointer check has been added to the XFree86 sources, probably to cope with some DoS issues.
--
Florian Weimer                    Weimer () CERT Uni-Stuttgart DE
University of Stuttgart           http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT                          fax +49-711-685-5898