The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Sun Alert 103114 Multiple Security Issues Within The X Font Server (xfs(1)) QueryXBitmaps and QueryXExtents Protocol Handlers

Guest Author
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

There exists multiple security vulnerabilities within the handlers for the QueryXBitmaps and QueryXExtents protocol requests for the X Font Server, xfs(1), included with Solaris. These vulnerabilities may allow a local or remote unprivileged user the ability to execute arbitrary code with the privileges of the X font server. The X font server runs as the unprivileged user "nobody" (uid 60001) on Solaris. These vulnerabilities may allow also allow users to consume all available memory on a system resulting in a Denial of Service (DoS).

These issues are also referenced in the following documents:

State: Resolved
First released: 10-Oct-2007

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.