IBM Information for VU#312313

Solaris X Window Font Service (XFS) daemon contains buffer overflow in Dispatch() function



Vendor Statement

The AIX operating system is vulnerable to the xfs issues discussed in CA-2002-34 in releases 4.3.3, 5.1.0 and 5.2.0.

IBM provides the following official fixes:

     APAR number for AIX 4.3.3: IY37888 (available approx. 01/29/03)
     APAR number for AIX 5.1.0: IY37886 (available approx. 04/28/03)
     APAR number for AIX 5.2.0: IY37889 (available approx. 04/28/03)

A temporary patch is available through an efix package which can be found at

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



Please note that IBM sent this statement on Dec 5, 2002.
