Experts warn of vulnerability in Solaris


Experts warn of vulnerability in Solaris

A vulnerability in Solaris puts systems running the Sun operating system at risk of being taken over by an attacker, according to security experts.

Advisories issued by Internet Security Systems (ISS) and the Computer Emergency Response Team/Co-ordination Centre (Cert) warn of a buffer overflow flaw in Sun's implementation of the X Windows Font Service (XFS), which serves font files to clients and runs by default on all versions of Solaris.

By formulating a specific XFS query, remote attackers can either crash the service or run arbitrary code with the privileges of the "nobody user". This privilege level is limited and similar to a normal user. However, after gaining access an attacker could use privilege escalation flaws to attain root status, the highest privilege level, according to ISS.

The XFS service ( uses a high Transmission Control Protocol port, which mitigates the risk as these ports are usually blocked by firewalls, preventing an attack from the public Internet, said Gunter Ollmann, manager of X-Force Security Assessment Services at ISS.

"Normally this service would not be available over the Internet because it would be protected by a firewall, but internally this service is commonly available," he added.

The vulnerable service exposed on a corporate network makes an attack from the inside possible, but can also facilitate an attacker on the outside, Ollmann noted.

Should a host that is accessible from the Internet be compromised, an attacker could cascade his attacks and gain access to a Solaris machine by exploiting the XFS vulnerability.

Sun told ISS and Cert that it is working on a software update. Meanwhile, ISS advises users to disable XFS, unless it is explicitly required, and investigate firewall settings.

The ISS X-Force advisory is at:

The Cert/CC advisory is at:

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy