Nov 26, 2002 (07:11 PM EST)
Sun Solaris Security Hole Leaves Users Vulnerable

Read the Original Article at InformationWeek

A vulnerability in how Sun Solaris handles fonts leaves systems susceptible to takeover by an attacker, according to a security bulletin.

The vulnerability comes from Sun's implementation of the X Windows Font Service, which serves font files to clients and runs by default on all versions of Solaris, according to an advisory issued by the CERT Coordination Center at Carnegie Mellon University.

Sun is working on a software update; CERT advises users to disable XFS unless it's specifically required, and configure firewalls to block access to port 7100/TCP. But CERT said that move won't block attacks launched from within the network perimeter.