ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability (fwd)
Nov 25 2002 05:42PM
Dave Ahmad (da securityfocus com)
(1 replies)
Re: ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability (fwd)
Nov 26 2002 03:00PM
Florian Weimer (Weimer CERT Uni-Stuttgart DE)
Dave Ahmad <da (at) securityfocus (dot) com [email concealed]> quotes ISS:
> Solaris fs.auto Remote Compromise Vulnerability
This is more or less the standard font server of the X Window System.
> ISS X-Force has discovered a vulnerability in the Sun Microsystems
> implementation of the "X Window Font Service", or "XFS".
It appears as if this issue has already been addressed by Keith
Packard in 1999:
http://cvsweb.xfree86.org/cvsweb/xc/programs/xfs/difs/dispatch.c.diff?r1=3.6&r2=3.7
This patch has been part of XFree86 since version 3.3.6 at least.
X.Org releases beginning with X11 R6.5.1 have applied this patch as
well.
More recently, a null pointer check has been added to the XFree86
sources, probably to cope with some DoS issues.
--
Florian Weimer Weimer (at) CERT.Uni-Stuttgart (dot) DE [email concealed]
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898