[28027] in bugtraq
Re: ISS Security Brief: Solaris fs.auto Remote Compromise
daemon@ATHENA.MIT.EDU (Florian Weimer)
Wed Nov 27 14:45:08 2002
To: bugtraq@securityfocus.com, vulndiscuss@vulnwatch.org
From: Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>
Date: Tue, 26 Nov 2002 16:00:10 +0100
In-Reply-To: <Pine.LNX.4.43.0211251042040.754-100000@mail.securityfocus.com> (Dave
Ahmad's message of "Mon, 25 Nov 2002 10:42:54 -0700 (MST)")
Message-ID: <87y97gcr5x.fsf@Login.CERT.Uni-Stuttgart.DE>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Dave Ahmad <da@securityfocus.com> quotes ISS:
> Solaris fs.auto Remote Compromise Vulnerability
This is more or less the standard font server of the X Window System.
> ISS X-Force has discovered a vulnerability in the Sun Microsystems
> implementation of the "X Window Font Service", or "XFS".
It appears as if this issue has already been addressed by Keith
Packard in 1999:
http://cvsweb.xfree86.org/cvsweb/xc/programs/xfs/difs/dispatch.c.diff?r1=3.6&r2=3.7
This patch has been part of XFree86 since version 3.3.6 at least.
X.Org releases beginning with X11 R6.5.1 have applied this patch as
well.
More recently, a null pointer check has been added to the XFree86
sources, probably to cope with some DoS issues.
--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
