Sun has acknowledged some vulnerabilities in Sun Solaris, which can be exploited by malicious people to execute arbitrary code and compromise a vulnerable server.
There exist multiple security vulnerabilities within the handlers for the QueryXBitmaps and QueryXExtents protocol requests for the X Font Server, xfs(1), included with Solaris. These vulnerabilities may allow a local or remote unprivileged user to execute arbitrary code with the privileges of the X font server. The X font server runs with root privileges on Solaris. These vulnerabilities may also allow users to consume all available memory on a system, resulting in a Denial of Service (DoS).
This vulnerability has been classified as "moderately critical" by Secunia. Sun recommends that the X Font Server be disabled until a patch is available.
Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.