【TWCERT/CC安全通報】TW-CA-2005-027-[Sun(sm) Alert Notification

看板NetSecurity (資安資訊安全)作者Lan.時間20年前 (2005/03/10 21:32)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串1/1

※ 本文轉錄自 [Lan] 信箱作者: twcert@cert.org.tw (TWCERT/CC Fellows) 標題: 【TWCERT/CC安全通報】TW-CA-2005-027-[Sun(sm) A 時間: Thu Mar 10 16:17:24 2005 -----BEGIN PGP SIGNED MESSAGE----- TW-CA-2005-027-[Sun(sm) Alert Notification #57738: Security Vulnerability in the 'stfontserverd'] ──────────────────────────────────────── TWCERT/CC發布日期：2005-03-10 原漏洞發布日期：2005-02-24 原漏洞最新更新日期：2005-02-25 通用安全漏洞編號：分類：Dos 來源參考：Sun(sm) Alert Notification #57738 ──── 簡述 ───────────────────────────────── ──── 說明 ───────────────────────────────── STSF Font Server Daemon(stfontserverd)可允許本地端未經授權的使用者，夠能在系統中覆寫或移除任何檔案，這是一種阻斷服務攻擊。注意：Standard Type Services Framework (STSF, 標準類型服務架構)是應用程式的文字映像和字形處理的架構。 ──── 影響平台 ─────────────────────────────── 此議題可能影響下列發行版本： SPARC 平台 ‧未安裝 117201-09 修正檔的 Solaris 9 x86 平台 ‧未安裝 117202-09 修正檔的 Solaris 9 注意：Solaris 7, Solaris 8 與 Solaris 10 並不受本議題影響。 ──── 修正方式 ─────────────────────────────── 暫時解決方法：無暫時性解決方法，請參閱 "解決方法"。解決方法：此議題已於下列版本中解決： SPARC 平台 ‧安裝 117201-09 或更新版本修正檔的 Solaris 9 x86 平台 ‧安裝 117202-09 或更新版本修正檔的 Solaris 9 ──── 影響結果 ─────────────────────────────── 目前尚無可預期的徵兆顯示上述議題已遭受利用。 ──── 聯絡TWCERT/CC ───────────────────────────── Tel: 886-7-5250211 FAX: 886-7-5250212 886-2-23563303 886-2-23924082 Email: twcert@cert.org.tw URL: http://www.cert.org.tw/ PGP key: http://www.cert.org.tw/eng/pgp.htm ──────────────────────────────────────── 附件：[Security Vulnerability in the 'stfontserverd'] ──── 原文 ───────────────────────────────── Sun(sm) Alert Notification Sun Alert ID: 57738 Synopsis: Security Vulnerability in the "stfontserverd" Daemon Category: Security Product: Solaris BugIDs: 5104693 Avoidance: Patch State: Resolved Date Released: 24-Feb-2005 Date Closed: 24-Feb-2005 Date Modified: 1. Impact A security vulnerability in the STSF Font Server Daemon (stfontserverd ) may allow a local unprivileged user the ability to overwrite or remove any file on the system which could result in a Denial of Service (DoS). Note: Standard Type Services Framework (STSF) is a text imaging and font handling framework for applications. 2. Contributing Factors This issue can occur in the following releases: SPARC Platform Solaris 9 without patch 117201-09 x86 Platform Solaris 9 without patch 117202-09 Note: Solaris 7, Solaris 8, and Solaris 10 are not affected by this issue. 3. Symptoms There are no predictable symptoms that would indicate the described issue has been exploited. Solution Summary Top 4. Relief/Workaround There is no workaround. Please see the "Resolution" section below. 5. Resolution This issue is addressed in the following releases: SPARC Platform Solaris 9 with patch 117201-09 or later x86 Platform Solaris 9 with patch 117202-09 or later This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements. Copyright 2000-2005 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved. ──────────────────────────────────────── -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQEVAwUBQi//OKcyQYefg2/NAQEzAAgAnvUfTu0UcsCXkbVVPqVrqZJv0A0Gnl7R hqJUyiTFvztz8Eeuuoc1B1LnKdkxe3BkLM2CbfMv9oN8VPlyX1nKRCOWhwk7ub3T 3FV1oEkRNQDhqqYWsxD+TVU2harehrcoeZ1XkOIhkKVVFgr1jsMpg5PiGAujgNy2 iVOE7wqukYi1F3+8vMilWSFvoy1wTnMWTUTqEWeNASClXXkUvv5J+1q63+Gggg5q 3ThUs35QyDwUxkh5hbVHRTSqtY5mCp8ctpclR5pMlLd7JlBOIvXX8b/fljZsIM5z 8tgdY/qGViqz58KjbGrt0iNChhxmeLyYqbb4ysgdLBdHXDoPBlxV1g== =Tn3U -----END PGP SIGNATURE----- -- Taiwan Computer Emergency Response Team Security Advisory mailing list. Mail to : Majordomo@cert.org.tw and include a line "subscribe advisory". Please visit http://www.cert.org.tw/. PGP key : http://www.cert.org.tw/eng/pgp.htm