[ISN] Experts warn of buffer overflow flaw in Solaris

From: InfoSec News (isnat_private)
Date: Wed Nov 27 2002 - 00:37:24 PST

    Forwarded from: William Knowles <wkat_private>
    By Joris Evers
    IDG News Service

    A vulnerability in Solaris puts systems running the Sun operating
    system at risk of being taken over by an attacker, experts warned late

    A buffer overflow flaw lies in Sun's implementation of the X Windows
    Font Service (XFS), which serves font files to clients and runs by
    default on all versions of Solaris, according to advisories issued by
    Internet Security Systems (ISS) and the Computer Emergency Response
    Team/Coordination Center (CERT/CC).

    By formulating a specific XFS query, remote attackers can either crash
    the service or run arbitrary code with the privileges of the "nobody"
    user. This privilege level is limited and similar to a normal user.
    However, after gaining access an attacker could use privilege
    escalation flaws to attain root status, the highest privilege level,
    ISS said.

    The XFS service (fs.auto) uses a high TCP port, which mitigates the
    risk as such ports are typically blocked by firewalls, preventing an
    attack from the public Internet, Gunter Ollmann, manager of X-Force
    Security Assessment Services at ISS in London, said.

    "Normally this service would not be available over the Internet
    because it would be protected by a firewall, but internally this
    service is commonly available," he said.

    The vulnerable service exposed on a corporate network makes an attack
    from the inside possible, but can also facilitate an attacker on the
    outside, Ollmann noted. Should a host that is accessible from the
    Internet get compromised, an attacker could cascade his attacks and
    gain access to a Solaris machine by exploiting the XFS vulnerability,
    he said.

    Sun told ISS and the CERT/CC that it is working on a software update.
    Meanwhile, ISS advises users to disable XFS unless it is explicitly
    required and investigate firewall settings.

    The ISS X-Force advisory
    The CERT/CC advisory

    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org