Re: Fw: CERT Advisory CA-2002-34 Buffer Overflow in Solaris X Window Font Service

From: Jim Knoble (jmknobleat_private)
Date: Tue Dec 03 2002 - 15:30:12 PST

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    Circa 2002-12-02 10:03:20 -0800 dixit Muhammad Faisal Rauf Danka:
    
    : CERT Advisory CA-2002-34 Buffer Overflow in Solaris X Window Font Service
    : 
    :    Original release date: November 25, 2002
    :    Last revised: --
    :    Source: CERT/CC
    : 
    :    A complete revision history can be found at the end of this file.
    
      [...]
    
    : Overview
    : 
    :    The  Solaris  X  Window Font Service (XFS) daemon (fs.auto) contains a
    :    remotely exploitable buffer overflow vulnerability that could allow an
    :    attacker to execute arbitrary code or cause a denial of service.
    
      [...]
    
    : Appendix A. - Vendor Information
    
      [...]
    
    : OpenBSD
    : 
    :    We do not have XFS.
    
    Not true.  Observe:
    
    - -------- cut here --------
    $ rsync -av --partial rsync://ftp3.usa.openbsd.org/ftp/3.2/i386/xbase32.tgz .
      Welcome to ftp.usa.OpenBSD.org in Boulder, CO.
      For other mirror sites visit http://www.openbsd.org/ftp.html
           _____                 ____   _____ _____
          / ___ \               |  _ \ / ____|  __ \
         / /  / /___  ___  ____ | |_) | (___ | |  | |
        / /  / / __ \/ _ \/ __ \|  _ < \___ \| |  | |
       / /__/ / /_/ /  __/ / / /| |_) |____) | |__| |
       \_____/ .___/\___/_/ /_/ |____/|_____/|_____/
            /_/
                   |    .            The proactively secure Unix-like
               .   |L  /|   .        Operating System.
           _ . |\ _| \--+._/| .      Please visit the OpenBSD web site
          / ||\| Y J  )   / |/| ./   at http://www.openbsd.org/
         J  |)'( |        ` F`.'/
       -<|  F         __     .-<     OpenBSD 3.2 has now been released!
         | /       .-'. `.  /-. L___ You can order a CD of OpenBSD 3.2
         J \      <    \  | | O\|.-' from http://www.openbsd.org/orders.html.
       _J \  .-    \/ O | | \  |F    CD sales are important to support the
      '-F  -<_.     \   .-'  `-' L__ continued development of the project.
     __J  _   _.     >-'  )._.   |-'
     `-|.'   /_.           \_|   F
       /.-   .                _.<    You may mirror the OpenBSD ftp archive via:
      /'    /.'             .'  `\   rsync -avz ftp.usa.openbsd.org::ftp
       /L  /'   |/      _.-'-\       rsync -avz ftp.usa.openbsd.org::ftp/sub/path
      /'J       ___.---'\|
        |\  .--' V  | `. `           To mirror the cvs repository please use SUP:
        |/`. `-.     `._)              http://www.openbsd.org/anoncvs.html#sup
           / .-.\                    Or use CVSup, see:
     VK    \ (  `\                     http://www.openbsd.org/cvsup.html
            `.\
    
    
    receiving file list ... done
    xbase32.tgz
    wrote 60674 bytes  read 42124 bytes  1099.44 bytes/sec
    total size is 9043589  speedup is 87.97
    $ gzip -dc xbase32.tgz |tar -tvf - |grep -i xfs
    - -rwxr-xr-x  1 root     wheel        77824 Oct  2 16:50 ./usr/X11R6/bin/xfs
    - -rwxr-xr-x  1 root     wheel        32768 Oct  2 16:50 ./usr/X11R6/bin/xfsinfo
    $ 
    - -------- cut here --------
    
    The X Font Server is clearly there, and has been since at least
    OpenBSD-3.0.  I use it daily.
    
    Perhaps there was a miscommunication between CERT and the OpenBSD
    responder (for example, a misinterpretation of "XFS" as "SGI's XFS
    journalled filesystem")?
    
    - -- 
    jim knoble  |  jmknobleat_private  |  http://www.pobox.com/~jmknoble/
    (GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
    "I am non-refutable."  --Enik the Altrusian
    
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (Linux)
    Comment: See http://www.pobox.com/~jmknoble/keys/ for my public key.
    
    iEYEARECAAYFAj3tPj0ACgkQKJ/qqBOBFJFrywCgil4tbcjh4AEDWw0j5SNVN9Sv
    QGAAn1cuG1Tj9REZh6P4Dvd+GbqSqXFa
    =i8lQ
    -----END PGP SIGNATURE-----
    



    This archive was generated by hypermail 2b30 : Thu Dec 05 2002 - 08:32:52 PST