Forwarded from: William Knowles <wkat_private> http://www.nwfusion.com/news/2002/1126solarisflaw.html By Joris Evers IDG News Service 11/26/02 A vulnerability in Solaris puts systems running the Sun operating system at risk of being taken over by an attacker, experts warned late Monday. A buffer overflow flaw lies in Sun's implementation of the X Windows Font Service (XFS), which serves font files to clients and runs by default on all versions of Solaris, according to advisories issued by Internet Security Systems (ISS) and the Computer Emergency Response Team/Coordination Center (CERT/CC). By formulating a specific XFS query, remote attackers can either crash the service or run arbitrary code with the privileges of the "nobody user." This privilege level is limited and similar to a normal user. However, after gaining access an attacker could use privilege escalation flaws to attain root status, the highest privilege level, ISS said. The XFS service (fs.auto) uses a high TCP port, which mitigates the risk as such ports are typically blocked by firewalls, preventing an attack from the public Internet, Gunter Ollmann, manager of X-Force Security Assessment Services at ISS in London said. "Normally this service would not be available over the Internet because it would be protected by a firewall, but internally this service is commonly available," he said. The vulnerable service exposed on a corporate network makes an attack from the inside possible, but can also facilitate an attacker on the outside, Ollmann noted. Should a host that is accessible from the Internet get compromised, an attacker could cascade his attacks and gain access to a Solaris machine by exploiting the XFS vulnerability, he said. Sun told ISS and the CERT/CC that it is working on a software update. Meanwhile, ISS advises users to disable XFS unless it is explicitly required and investigate firewall settings. The ISS X-Force advisory http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541 The CERT/CC advisory http://www.cert.org/advisories/CA-2002-34.html *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ================================================================ C4I.org - Computer Security, & Intelligence - http://www.c4i.org *==============================================================* - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Nov 27 2002 - 09:34:57 PST