Advisories issued by Internet Security Systems (ISS) and the Computer Emergency Response Team/Co-ordination Centre (Cert) warn of a buffer overflow flaw in Sun's implementation of the X Windows Font Service (XFS), which serves font files to clients and runs by default on all versions of Solaris.
By formulating a specific XFS query, remote attackers can either crash the service or run arbitrary code with the privileges of the "nobody" user. This privilege level is limited and similar to that of a normal user. However, after gaining access an attacker could use privilege escalation flaws to attain root status, the highest privilege level, according to ISS.
The XFS service (fs.auto) uses a high Transmission Control Protocol port, which mitigates the risk as these ports are usually blocked by firewalls, preventing an attack from the public Internet, said Gunter Ollmann, manager of X-Force Security Assessment Services at ISS.
"Normally this service would not be available over the Internet because it would be protected by a firewall, but internally this service is commonly available," he added.
The vulnerable service exposed on a corporate network makes an attack from the inside possible, but can also facilitate an attacker on the outside, Ollmann noted.
Should a host that is accessible from the Internet be compromised, an attacker could cascade his attacks and gain access to a Solaris machine by exploiting the XFS vulnerability.
Sun told ISS and Cert that it is working on a software update. Meanwhile, ISS advises users to disable XFS, unless it is explicitly required, and investigate firewall settings.
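The disable-unless-required advice above maps to one concrete administrative check on a Solaris host of that era: whether the `fs` entry that launches `fs.auto` is still active in `/etc/inetd.conf`. The script below is an added example, not part of the article or of the ISS or CERT advisories; it works on a constructed sample of an inetd.conf fragment, and the service name `fs` and the path `/usr/openwin/lib/fs.auto` are assumed from typical Solaris 8 configurations rather than taken from the text. It reports whether the font server is enabled and writes a hardened copy with the entry commented out, which is the same edit an administrator would make before restarting inetd.

```shell
# Added example (not the article's or advisories' own code): audit an
# inetd.conf for an enabled Solaris X font server (fs.auto) entry and
# produce a hardened copy with that entry commented out.
# Assumption: the service is registered under the name "fs" and started
# from /usr/openwin/lib/fs.auto, as on a typical Solaris 8 install.

# Constructed sample of an /etc/inetd.conf fragment (not a real host's file).
SAMPLE_INETD=$(mktemp)
cat > "$SAMPLE_INETD" <<'EOF'
# constructed sample of a Solaris 8 /etc/inetd.conf fragment
ftp     stream  tcp  nowait  root    /usr/sbin/in.ftpd        in.ftpd
fs      stream  tcp  wait    nobody  /usr/openwin/lib/fs.auto fs
finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd     in.fingerd
EOF

# Succeed (exit 0) when an uncommented "fs" service line is present in $1.
fs_auto_enabled() {
    grep -Eq '^[[:space:]]*fs[[:space:]]' "$1"
}

# Print how many active "fs" entries $1 contains (0 when none).
count_enabled_fs() {
    grep -Ec '^[[:space:]]*fs[[:space:]]' "$1" || true
}

# Write a hardened copy of $1 to $2 with every active "fs" line commented
# out; all other lines are copied unchanged. Restarting inetd afterwards
# (not done here) makes the change take effect on a live system.
disable_fs_auto() {
    sed -E 's/^([[:space:]]*fs[[:space:]])/#\1/' "$1" > "$2"
}

# Stand-alone run: audit the sample, then show the hardened result.
if fs_auto_enabled "$SAMPLE_INETD"; then
    echo "fs.auto is enabled ($(count_enabled_fs "$SAMPLE_INETD") entry); hardening copy"
    HARDENED=$(mktemp)
    disable_fs_auto "$SAMPLE_INETD" "$HARDENED"
    grep -n 'fs' "$HARDENED"
else
    echo "fs.auto is not enabled in $SAMPLE_INETD"
fi
```

Commenting the entry out only removes the local listener; the article's second recommendation, checking that the high TCP port used by the font server is not reachable through the perimeter or between internal segments, is a firewall-policy review that this script does not replace.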
The ISS X-Force advisory is at:
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541
The Cert/CC advisory is at:
http://www.cert.org/advisories/CA-2002-34.html
