Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149
http://www.securityfocus.com/bid/6241
http://www.securityfocus.com/advisories/4988
http://www.kb.cert.org/vuls/id/312313
http://www.iss.net/security_center/static/10375.php
http://www.ciac.org/ciac/bulletins/n-024.shtml
http://www.cert.org/advisories/CA-2002-34.html
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879
http://marc.info/?l=bugtraq&m=103825150527843&w=2
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541