Sun Confirms Multiple Vulnerabilities Affecting Solaris - InformationWeek
Software // Enterprise Applications | News | 10/9/2007 03:23 PM

A member of Sun's X Window System engineering team recommends that users turn off the X font server if they don't need it.

Sun Microsystems is warning users about a remote code execution vulnerability in Sun Solaris and is recommending that users work around the issue.

Alan Coopersmith, a member of the X Window System engineering team at Sun, confirmed on his blog the reports of X font server vulnerabilities. He noted that the bugs not only affect Solaris, but that the vulnerable service is exposed to the network by default in some Solaris installs.

Early in October, researchers at iDefense disclosed that they had discovered multiple vulnerabilities in the X font server. The X Window System, also known as X11, is a graphical windowing system used on Unix-like systems, according to iDefense. The X Window System font server (xfs) is used to render fonts for the X server.

"Remote exploitation of multiple vulnerabilities in X.Org Foundation's X font server, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code," iDefense reported in an online advisory. "An integer overflow vulnerability exists within the handlers for the QueryXBitmaps and QueryXExtents protocol requests. Both requests result in a call to the build_range() function. This function takes a 32-bit integer from the request, and uses it in an arithmetic operation that calculates the size of a dynamic buffer. This calculation can overflow, which leads to an improperly sized memory allocation. This results in a heap overflow."
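The bug class iDefense describes, a request-supplied 32-bit count multiplied into a buffer size in 32-bit arithmetic so that the product wraps and the allocation comes out too small, is easy to model. The following is an added illustration and is not xfs's `build_range()` or any code from the advisory; the element size of 8 bytes, the function names, and the `validate_request` length check are assumptions chosen for the example. It shows the wrapping calculation beside a checked version that refuses counts that cannot be represented:

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the advisory's bug class. The 8-byte element size and
 * all names here are assumptions for illustration, not the xfs source. */
#define RANGE_ENTRY_SIZE 8u

/* Unsafe pattern: the size is computed in a 32-bit type, so a large count
 * wraps to a small value and a later allocation is undersized. */
uint32_t unsafe_buffer_size(uint32_t num_ranges) {
    return num_ranges * RANGE_ENTRY_SIZE;  /* wraps silently past 2^32 */
}

/* Hardened pattern: check the bound before multiplying, reject on overflow.
 * Returns 1 and stores the size in *out on success, 0 on overflow. */
int checked_buffer_size(uint32_t num_ranges, uint32_t *out) {
    if (num_ranges > UINT32_MAX / RANGE_ENTRY_SIZE) {
        return 0;  /* product would not fit in 32 bits */
    }
    *out = num_ranges * RANGE_ENTRY_SIZE;
    return 1;
}

/* Convenience wrapper: the checked size, or 0 when the count is rejected
 * (0 is never a valid size for a non-zero count, so it is unambiguous). */
uint32_t checked_size_or_zero(uint32_t num_ranges) {
    uint32_t size = 0;
    return checked_buffer_size(num_ranges, &size) ? size : 0;
}

/* A second defensive check a request parser should make: the number of
 * elements the header claims must fit in the bytes actually received. */
int validate_request(uint32_t num_ranges, size_t body_len) {
    uint32_t needed;
    if (!checked_buffer_size(num_ranges, &needed)) {
        return 0;  /* overflow: reject */
    }
    return (size_t)needed <= body_len;
}

int main(void) {
    /* 0x20000001 * 8 = 0x100000008, which wraps to 8 in 32 bits. */
    uint32_t evil_count = 0x20000001u;
    printf("unsafe size for 0x%x ranges: %u bytes\n",
           evil_count, unsafe_buffer_size(evil_count));
    printf("checked size for 0x%x ranges: %u (0 = rejected)\n",
           evil_count, checked_size_or_zero(evil_count));
    printf("checked size for 1000 ranges: %u bytes\n",
           checked_size_or_zero(1000u));
    printf("request with 4 ranges in 32-byte body valid: %d\n",
           validate_request(4u, 32));
    printf("request with 5 ranges in 32-byte body valid: %d\n",
           validate_request(5u, 32));
    return 0;
}
```

The first check is the one the advisory says was missing; the second catches the related case where the count is representable but still larger than the data that arrived, which is the kind of mismatch a fuzzer finds quickly in length-prefixed protocols.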

Coopersmith recommended that, until a patch comes out, users should turn off the X font server if they don't need it. He added that Sun developers are working on an official alert and patches but did not say when any of them would be ready.

He also noted that not all versions of Solaris are affected.

It's only older installs that are vulnerable by default, according to Coopersmith. "Solaris versions up through Solaris 10 6/06 run xfs by default from 'inetd' listening to the network," he wrote. "Solaris 10 11/06 and later Solaris 10 releases ask you at install time if you want your network services to default to being open or closed. Solaris Nevada/Express just closes them all by default and requires you to turn back on the ones you want."

He also gave some pointers on how to turn off the X font server. They can be found at this Web site.
