Vulnerability Note VU#312313
Solaris X Window Font Service (XFS) daemon contains buffer overflow in Dispatch() function
Overview
A remotely exploitable buffer overflow has been discovered in the Solaris X Window Font Service (XFS) daemon (fs.auto).
Description
ISS X-Force released an Advisory today regarding a remotely exploitable buffer overflow in XFS. According to ISS, XFS is installed and running by default on the following operating systems and architectures:
Impact
A remote attacker can execute arbitrary code with the privileges of the fs.auto daemon (typically nobody) or cause a denial of service by crashing the service.
Solution
Apply a vendor patch when it becomes available.
Ingress Filtering - It may be possible to limit the scope of this vulnerability by applying ingress filtering (blocking access to TCP port 7100 at your network perimeter). Note: You should carefully consider the impact of blocking services that you may be using.
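Perimeter filtering leaves internal exposure unchanged, so an inventory of hosts that still offer the service is a useful companion check. The following is an added example, not part of the original note or any vendor's code: it scans inetd.conf and services text for enabled TCP entries that run fs.auto or map to port 7100. It assumes the daemon is started from inetd; the sample file contents and the /path/to placeholder are constructed.

```python
# Constructed sample input, not taken from any real host.
SAMPLE_INETD = """\
# constructed inetd.conf excerpt
ftp     stream  tcp6    nowait  root    /usr/sbin/in.ftpd       in.ftpd
fs      stream  tcp     wait    nobody  /path/to/fs.auto        fs
#fs     stream  tcp     wait    nobody  /path/to/fs.auto        fs
fontsrv stream  tcp     wait    nobody  /path/to/wrapper        wrapper
"""
SAMPLE_SERVICES = """\
ftp      21/tcp
fs       7100/tcp     # constructed entry
fontsrv  7100/tcp  xfs-alt
"""

XFS_PORT = 7100  # TCP port named in the advisory


def services_on_port(services_text, port=XFS_PORT):
    """Return the service names and aliases that map to port/tcp."""
    names = set()
    for line in services_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[1] == f"{port}/tcp":
            names.add(fields[0])
            names.update(fields[2:])
    return names


def find_xfs_entries(inetd_text, services_text):
    """Return (line_no, service, program, reason) for enabled entries exposing XFS."""
    port_names = services_on_port(services_text)
    hits = []
    for no, line in enumerate(inetd_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 6 or fields[0].startswith("#"):
            continue  # blank line, comment, or commented-out (disabled) entry
        service, proto, program = fields[0], fields[2], fields[5]
        if not proto.startswith("tcp"):
            continue
        if program.rsplit("/", 1)[-1] == "fs.auto":
            hits.append((no, service, program, "runs fs.auto"))
        elif service in port_names or service == str(XFS_PORT):
            hits.append((no, service, program, f"listens on TCP {XFS_PORT}"))
    return hits


if __name__ == "__main__":
    for hit in find_xfs_entries(SAMPLE_INETD, SAMPLE_SERVICES):
        print("line %d: %s -> %s (%s)" % hit)
```

The second match shows why the port mapping is checked as well as the program name: a wrapper or renamed binary bound to TCP 7100 would otherwise be missed.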
Systems Affected
Vendor | Status | Date Notified | Date Updated |
---|---|---|---|
Hewlett-Packard Company | Affected | - | 06 Dec 2002 |
IBM | Affected | - | 11 Dec 2002 |
Nortel Networks | Affected | - | 17 Dec 2002 |
OpenBSD | Affected | - | 05 Dec 2002 |
Sun Microsystems Inc. | Affected | - | 25 Nov 2002 |
Xerox Corporation | Affected | - | 30 May 2003 |
XFree86 | Affected | - | 05 Dec 2002 |
Apple Computer Inc. | Not Affected | - | 26 Nov 2002 |
Cray Inc. | Not Affected | - | 26 Nov 2002 |
Fujitsu | Not Affected | - | 03 Dec 2002 |
Microsoft Corporation | Not Affected | - | 26 Nov 2002 |
NetBSD | Not Affected | - | 25 Nov 2002 |
Red Hat Inc. | Not Affected | - | 04 Dec 2002 |
SGI | Not Affected | - | 04 Dec 2002 |
SuSE Inc. | Not Affected | - | 02 Dec 2002 |
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | N/A | N/A |
Temporal | N/A | N/A |
Environmental | N/A | N/A |
References
- http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541
- http://docs.sun.com/db/doc/806-7072/6jfvjtg1l?q=xfs&a=view
Credit
ISS X-Force discovered this vulnerability.
This document was written by Ian A Finlay.
Other Information
- CVE IDs: CAN-2002-1317
- CERT Advisory: CA-2002-34
- Date Public: 25 Nov 2002
- Date First Published: 25 Nov 2002
- Date Last Updated: 30 May 2003
- Severity Metric: 28.12
- Document Revision: 13