Note: This is an archival copy of Security Sun Alert 201669 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001242.1.
Article ID : 1001242.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2005-02-13
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Security Vulnerability in the "stfontserverd" Daemon

Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System

Bug Id
5104693

Date of Resolved Release
24-FEB-2005

Impact

A security vulnerability in the STSF Font Server Daemon (stfontserverd) may allow a local unprivileged user the ability to overwrite or remove any file on the system which could result in a Denial of Service (DoS).

Note: Standard Type Services Framework (STSF) is a text imaging and font handling framework for applications.


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 9 without patch 117201-09

x86 Platform

  • Solaris 9 without patch 117202-09

Note: Solaris 7, Solaris 8, and Solaris 10 are not affected by this issue.


Symptoms

There are no predictable symptoms that would indicate the described issue has been exploited.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 9 with patch 117201-09 or later

x86 Platform

  • Solaris 9 with patch 117202-09 or later


Modification History

References
 117201-09

 117202-09



                                                                                       


Attachments
This solution has no attachment