Font flaw foils Solaris security
A hole in the software that handles desktop fonts in Solaris setups could leave workstations and servers based on the Sun operating system open to attack.
The vulnerability could give hackers and online vandals
Reader Resources CNET White Papers | ||||
"We are aware of the problem, and we are working on a patch," he said, adding that Sun had been working with ISS on a patch, but problems during testing had delayed the fix. "We are trying to get it up as soon as possible."
The flaw, a memory problem known as a buffer overflow, appears in the X Windows Font Server (XFS) software known as fs.auto, a key component of the Solaris desktop system. However, the problem doesn't just affect workstations, said Jay Dyson, senior security consultant with security software Web site Treachery Unlimited.
"The problem is that it comes turned on with default Solaris," he said. "And 90 percent of the people don't turn it off."
The flaw affects every version of the operating system from Solaris 2.5.1 to Solaris 9 on both Sun's Sparc and Intel's x86 architectures, ISS stated in its advisory. A representative from the Atlanta-based security company was not immediately available for comment.
ISS recommends that administrators turn off the Solaris font software unless it's absolutely necessary. On any computer that needs the software, the company recommends that administrators block the port to keep outside attackers from using the flaw to get control of a computer within the network. A port is a software data channel that applications use to communicate with other computers via a network.