Vulnerability Note VU#312313
Solaris X Window Font Service (XFS) daemon contains buffer overflow in Dispatch() function
A remotely exploitable buffer overflow has been discovered in the Solaris X Window Font Service (XFS) daemon (fs.auto).
ISS X-Force released an Advisory today regarding a remotely exploitable buffer overflow in XFS. According to ISS, XFS is installed and running by default on the following operating systems and architectures:
A remote attacker can execute arbitrary code with the privileges of the fs.auto daemon (typically nobody) or cause a denial of service by crashing the service.
Apply a vendor patch when it becomes available.
Ingress Filtering - It may be possible to limit the scope of this vulnerability by applying ingress filtering (blocking access to TCP port 7100 at your network perimeter). Note: You should carefully consider the impact of blocking services that you may be using.
fs stream tcp wait nobody /usr/openwin/lib/fs.auto fs
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Hewlett-Packard Company||Affected||-||06 Dec 2002|
|IBM||Affected||-||11 Dec 2002|
|Nortel Networks||Affected||-||17 Dec 2002|
|OpenBSD||Affected||-||05 Dec 2002|
|Sun Microsystems Inc.||Affected||-||25 Nov 2002|
|Xerox Corporation||Affected||-||30 May 2003|
|XFree86||Affected||-||05 Dec 2002|
|Apple Computer Inc.||Not Affected||-||26 Nov 2002|
|Cray Inc.||Not Affected||-||26 Nov 2002|
|Fujitsu||Not Affected||-||03 Dec 2002|
|Microsoft Corporation||Not Affected||-||26 Nov 2002|
|NetBSD||Not Affected||-||25 Nov 2002|
|Red Hat Inc.||Not Affected||-||04 Dec 2002|
|SGI||Not Affected||-||04 Dec 2002|
|SuSE Inc.||Not Affected||-||02 Dec 2002|
CVSS Metrics (Learn More)
ISS X-Force discovered this vulnerability.
This document was written by Ian A Finlay.
- CVE IDs: CAN-2002-1317
- CERT Advisory: CA-2002-34
- Date Public: 25 Nov 2002
- Date First Published: 25 Nov 2002
- Date Last Updated: 30 May 2003
- Severity Metric: 28.12
- Document Revision: 13
If you have feedback, comments, or additional information about this vulnerability, please send us email.