CERT Warns of Solaris Font Flaw

Written by Ryan Naraine
Nov 27, 2002

A buffer overflow in the X Window Font System on Sun's Solaris operating system could let an attacker execute code or cause a denial-of-service (DoS) attack, according to a warning from the CERT Coordination Center.

The security flaw affects versions 2.5.1, 2.6, 7 and 8 (SPARC and Intel platforms) and version 9 (SPARC only), and CERT urged that the fs.auto daemon be disabled until patches can be applied.

The flaw was found in Sun's Solaris X Window Font Service (XFS), which serves font files to users. The XFS daemon (fs.auto), which ships with Solaris and is included in some other operating systems, contains the bug that could let a remote attacker execute arbitrary code with the privileges of the fs.auto daemon (typically nobody) or cause a denial-of-service by crashing the service.

Sun issued a security bulletin of its own, confirming the security flaw and offering a workaround until a comprehensive patch can be issued.

Sun joined CERT in urging clients to disable the XFS daemon as a temporary security measure. It said users should also block access to port 7100/TCP on firewalls to guard against possible external, but not internal, exploitation of the flaw.
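The workaround described above (disable fs.auto, block 7100/TCP) is a configuration change that is easy to get subtly wrong, so here is an added example, not from the article or from Sun or CERT, of auditing and applying it on a Solaris-style system. It assumes the font server is started by inetd from an /etc/inetd.conf entry of the form `fs stream tcp wait nobody /usr/openwin/lib/fs.auto fs` and that the service-to-port mapping lives in /etc/services; the inetd.conf and services fragments below are constructed for the demo rather than copied from a real host.

```shell
#!/bin/sh
# Added example: audit a Solaris-style inetd.conf for the fs.auto font server
# entry, emit a hardened copy with it disabled, and look up the TCP port the
# firewall rule must cover. Sample files are constructed, not real host config.

INETD_SAMPLE="$(mktemp)"
cat > "$INETD_SAMPLE" <<'EOF'
# constructed sample of a Solaris 8 inetd.conf fragment
ftp     stream  tcp     nowait  root    /usr/sbin/in.ftpd       in.ftpd
telnet  stream  tcp     nowait  root    /usr/sbin/in.telnetd    in.telnetd
fs      stream  tcp     wait    nobody  /usr/openwin/lib/fs.auto        fs
finger  stream  tcp     nowait  nobody  /usr/sbin/in.fingerd    in.fingerd
EOF

SERVICES_SAMPLE="$(mktemp)"
cat > "$SERVICES_SAMPLE" <<'EOF'
# constructed sample of an /etc/services fragment
ftp             21/tcp
telnet          23/tcp
fs              7100/tcp        # X font server
EOF

# Exit status 0 if an active (uncommented) fs.auto entry is present in the
# given inetd.conf; non-zero otherwise. A leading '#' makes the entry inert.
fs_auto_enabled() {
    grep -q '^[[:space:]]*fs[[:space:]].*fs\.auto' "$1"
}

# Write a copy of an inetd.conf with every active fs.auto line commented out.
# The original text is preserved after the marker so the change is reversible.
# Usage: disable_fs_auto <inetd.conf> <output-file>
disable_fs_auto() {
    sed 's|^\([[:space:]]*fs[[:space:]].*fs\.auto.*\)$|# disabled per CERT/Sun workaround: \1|' \
        "$1" > "$2"
}

# Print the TCP port that /etc/services maps the 'fs' service to, so the
# firewall rule blocks the port actually in use (7100 in the sample).
fs_tcp_port() {
    awk '$1 == "fs" && $2 ~ /\/tcp$/ { split($2, p, "/"); print p[1]; exit }' "$1"
}

# Count active (non-comment) service lines; used to confirm that hardening
# touched only the fs entry and left the other services alone.
count_active_services() {
    grep -c '^[[:space:]]*[a-z]' "$1"
}

HARDENED="$(mktemp)"
disable_fs_auto "$INETD_SAMPLE" "$HARDENED"

if fs_auto_enabled "$INETD_SAMPLE"; then
    echo "fs.auto is enabled in $INETD_SAMPLE; hardened copy written to $HARDENED"
fi
echo "block inbound TCP port $(fs_tcp_port "$SERVICES_SAMPLE") at the perimeter"
```

On a live host the hardened copy would replace /etc/inetd.conf and inetd must be told to re-read it (send it SIGHUP, e.g. `pkill -HUP inetd` on Solaris 7 and later); until that happens the old listener on the font server port is still active. Note that a firewall block on 7100/TCP only covers traffic crossing the firewall, which is why the article stresses it does not protect against hosts on the inside.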

The release of the vulnerability without a vendor fix continues to cause controversy among security consultants who argue that vendors aren't being given enough time to react to security holes found by third-party firms.

In this case, one expert explained, the Solaris flaw was detected by the Internet Security Systems (ISS) X-Serve unit and released before a comprehensive fix was made available.

ISS said Sun confirmed patches would be made available on November 25 to coincide with the release of its advisory, but Sun "rescheduled the patch release" after the bulletin was published. ISS notified Sun of the vulnerability on November 16.

Criticism has dogged ISS in the past for jumping the gun and releasing details of software flaws before a company can work on patches.
