I saw this on good old X (part of the GUI stuff for Unix and Linux systems) and it reminded me that although these codebases have had millions of hours of review (I worked on X systems from 1992-1995 inside a security project) they still have holes in them. Anyone who thinks security is something that is fixed by more eyes, just using A/V or not using Microsoft can find many more of these sorts of examples. It is also nice to see that the Microsoft Secure by Default / Secure by Design project was well received at Sun :-)
X Font Server (xfs) Security Hole in Solaris
As noted in the ZDNet posting X Font Server flaw hits Sun Solaris hard, the recently announced X font server vulnerabilities not only affect Solaris, but are exposed to the network by default in some Solaris installs.
What the article fails to mention is that it's only older installs that are vulnerable by default - Solaris versions up through Solaris 10 6/06 run xfs by default from inetd listening to the network. Solaris 10 11/06 and later Solaris 10 releases ask you at install time if you want your network services to default to being open or closed. Solaris Nevada/Express just closes them all by default and requires you to turn back on the ones you want. (These changes came from the Solaris Secure by Default project, which has more information on its project pages.)
X Font Server (xfs) Security Hole in Solaris [Alan Coopersmith's Weblog]
Technorati Tags: Security
Fri, Oct 12 2007 5:13 AM