David Overton's Blog and Discussion Site
This site is my way to share my views and general business and IT information with you about Microsoft, IT solutions for ISVs, technologists and businesses, large and small. I specialise in Windows Intune and SBS 2008.
This blog is purely the personal opinions of David Overton. If you can't find the information you were looking for e-mail me at admin@davidoverton.com.

Sometimes we need to remember that Windows is pretty good as far as security vulnerabilities go
I saw this on good old X (part of the GUI stuff for Unix and Linux systems) and it reminded me that although these codebases have had millions of hours of review (I worked on X systems from 1992-1995 inside a security project) they still have holes in them.  Anyone who thinks security is something that is fixed by more eyes, just using A/V or not using Microsoft can find many more of these sorts of examples.  It is also nice to see that the Microsoft Secure by Default / Secure by Design project was well received at Sun :-)

X Font Server (xfs) Security Hole in Solaris

As noted in the ZDNet posting X Font Server flaw hits Sun Solaris hard, the recently announced X font server vulnerabilities not only affect Solaris, but are exposed to the network by default in some Solaris installs.

What the article fails to mention is that it's only older installs that are vulnerable by default - Solaris versions up through Solaris 10 6/06 run xfs by default from inetd listening to the network. Solaris 10 11/06 and later Solaris 10 releases ask you at install time if you want your network services to default to being open or closed. Solaris Nevada/Express just closes them all by default and requires you to turn back on the ones you want. (These changes came from the Solaris Secure by Default project, which has more information on its project pages.)

X Font Server (xfs) Security Hole in Solaris [Alan Coopersmith's Weblog]
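A shell check for the exposure described in the quoted post, a font server started by inetd. This is an added example, not code from this post, from the quoted weblog or from Sun. It assumes the classic inetd.conf field layout; the service name `fs`, the paths and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag inetd entries that start an X font server.
# Assumed, not from the post: classic inetd.conf field order
# (service socket proto wait user program args) and the service name "fs".

# audit_inetd FILE [SERVICE]
# Prints "service proto program" for each enabled (uncommented) entry whose
# server program is named xfs or whose service name equals SERVICE.
# Exit status: 0 = no such entry enabled, 1 = at least one enabled.
audit_inetd() {
    awk -v svc="${2:-}" '
        /^[ \t]*#/ { next }     # commented out, so inetd ignores it
        NF < 6     { next }     # blank or malformed line
        {
            n = split($6, parts, "/")
            if (parts[n] == "xfs" || (svc != "" && $1 == svc)) {
                print $1, $3, $6
                hit = 1
            }
        }
        END { exit (hit ? 1 : 0) }
    ' "$1"
}

# Constructed sample file; the paths are placeholders.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, classic inetd.conf layout
ftp  stream  tcp  nowait  root    /usr/sbin/in.ftpd  in.ftpd
fs   stream  tcp  wait    nobody  /opt/example/xfs   xfs
#fs  stream  tcp  wait    nobody  /opt/example/xfs   xfs
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
if audit_inetd "$tmp" fs; then
    echo "no font server entry is enabled"
else
    echo "inetd starts a font server: disable the entry or restrict access"
fi
rm -f "$tmp"
```

On Solaris 10, inetd services are managed through SMF rather than a hand-edited inetd.conf, so the same question is answered there by listing the inetd-managed services with `inetadm`.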

 

ttfn

David


Posted Fri, Oct 12 2007 5:13 AM by David Overton

(c)David Overton 2006-13