Problem in how operating system handles fonts could let an attacker take over a machine.
A vulnerability in how Sun Solaris handles fonts leaves systems susceptible to takeover by an attacker, according to a security bulletin.
The vulnerability comes from Sun's implementation of the X Windows Font Service, which serves font files to clients and runs by default on all versions of Solaris, according to an advisory issued by the CERT Coordination Center at Carnegie Mellon University.
Sun is working on a software update; CERT advises users to disable XFS unless it's specifically required, and configure firewalls to block access to port 7100/TCP. But CERT said that move won't block attacks launched from within the network perimeter.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.