IBM Information for VU#312313

Solaris X Window Font Service (XFS) daemon contains buffer overflow in Dispatch() function

Status

Affected

Vendor Statement

The AIX operating system is vulnerable to the xfs issues discussed in CA-2002-34 in releases 4.3.3, 5.1.0 and 5.2.0.

IBM provides the following official fixes:

     APAR number for AIX 4.3.3: IY37888 (available approx. 01/29/03)
     APAR number for AIX 5.1.0: IY37886 (available approx. 04/28/03)
     APAR number for AIX 5.2.0: IY37889 (available approx. 04/28/03)

A temporary patch is available through an efix package which can be found at ftp://ftp.software.ibm.com/aix/efixes/security/xfs_efix.tar.Z.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

Please note that IBM sent this statement on Dec 5, 2002.
