Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

isn logo Information Security News mailing list archives

Experts warn of buffer overflow flaw in Solaris
From: InfoSec News <isn () c4i org>
Date: Wed, 27 Nov 2002 02:37:24 -0600 (CST)
Forwarded from: William Knowles <wk () c4i org>

http://www.nwfusion.com/news/2002/1126solarisflaw.html

By Joris Evers
IDG News Service 
11/26/02

A vulnerability in Solaris puts systems running the Sun operating 
system at risk of being taken over by an attacker, experts warned late 
Monday. 

A buffer overflow flaw lies in Sun's implementation of the X Windows 
Font Service (XFS), which serves font files to clients and runs by 
default on all versions of Solaris, according to advisories issued by 
Internet Security Systems (ISS) and the Computer Emergency Response 
Team/Coordination Center (CERT/CC). 

By formulating a specific XFS query, remote attackers can either crash 
the service or run arbitrary code with the privileges of the "nobody 
user." This privilege level is limited and similar to a normal user. 
However, after gaining access an attacker could use privilege 
escalation flaws to attain root status, the highest privilege level, 
ISS said. 

The XFS service (fs.auto) uses a high TCP port, which mitigates the 
risk as such ports are typically blocked by firewalls, preventing an 
attack from the public Internet, Gunter Ollmann, manager of X-Force 
Security Assessment Services at ISS in London said. 

"Normally this service would not be available over the Internet 
because it would be protected by a firewall, but internally this 
service is commonly available," he said. 

The vulnerable service exposed on a corporate network makes an attack 
from the inside possible, but can also facilitate an attacker on the 
outside, Ollmann noted. Should a host that is accessible from the 
Internet get compromised, an attacker could cascade his attacks and 
gain access to a Solaris machine by exploiting the XFS vulnerability, 
he said. 

Sun told ISS and the CERT/CC that it is working on a software update. 
Meanwhile, ISS advises users to disable XFS unless it is explicitly 
required and investigate firewall settings. 

The ISS X-Force advisory
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541

The CERT/CC advisory
http://www.cert.org/advisories/CA-2002-34.html


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

  By Date           By Thread  

Current thread:
  • Experts warn of buffer overflow flaw in Solaris InfoSec News (Nov 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]