There exists multiple security vulnerabilities within the handlers for the QueryXBitmaps and QueryXExtents protocol requests for the X Font Server, xfs(1), included with Solaris. These vulnerabilities may allow a local or remote unprivileged user the ability to execute arbitrary code with the privileges of the X font server. The X font server runs as the unprivileged user "nobody" (uid 60001) on Solaris. These vulnerabilities may allow also allow users to consume all available memory on a system resulting in a Denial of Service (DoS).

These issues are also referenced in the following documents:

• CVE-2007-4568 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4568
• CVE-2007-4990 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4990
• http://bugs.freedesktop.org/show_bug.cgi?id=12298
• http://bugs.freedesktop.org/show_bug.cgi?id=12299
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=602