CVE-2002-1317

XFS font server <9 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1317. PoCs published by TESO Security.

AI-analyzed exploit summary: This exploit targets a buffer overflow in the XFS font server (fs.auto) to achieve remote command execution with 'nobody' privileges. It leverages a symlink attack and GOT overwrite to redirect execution to shellcode on the stack.

Description

Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by TESO Security · perl · remote · unix
https://www.exploit-db.com/exploits/22036

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: XFS font server (fs.auto) in XFree86 versions prior to 3.3.6
No auth needed
Prerequisites: Access to the vulnerable XFS font server · Ability to create symlinks and files in /tmp
devstral-2 · analyzed Feb 16, 2026

References (13)

Core References
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/advisories/4988
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=103825150527843&w=2
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/advisories/CA-2002-34.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/312313
Patch, Vendor Advisory third-party-advisory x_refsource_iss
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/10375.php
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6241
Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/n-024.shtml

Scores

EPSS 0.2403
EPSS Percentile 97.5%

Details

Status published
Products (35)
hp/hp-ux 10.10
hp/hp-ux 10.20
hp/hp-ux 10.24
hp/hp-ux 11.00
hp/hp-ux 11.04
hp/hp-ux 11.11
hp/hp-ux 11.22
sgi/irix 6.5
sgi/irix 6.5.1
sgi/irix 6.5.2
... and 25 more
Published Dec 11, 2002
Tracked Since Feb 18, 2026