Security Advisory kon2 security update

Advisory: RHSA-2003:050-10
Type: Security Advisory
Severity: Important
Issued on: 2003-06-09
Last updated on: 2003-06-09
Affected Products: Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux WS (v. 2.1)
OVAL: N/A
CVEs (cve.mitre.org): CVE-2002-1155

Details

A buffer overflow in kon2 allows local users to obtain root privileges.

KON is a Kanji emulator for the console. There is a buffer overflow
vulnerability in the command-line parsing code of the kon program in
versions up to and including 0.3.9b. If exploited, this vulnerability
allows local users to gain escalated (root) privileges.

All users of kon2 should update to these errata packages which contain a
patch to fix this vulnerability.

Red Hat would like to thank Janusz Niewiadomski for notifying us of this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

Please note that this update is available via Red Hat Network. To use Red
Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
kon2-0.3.9b-14.as21.1.src.rpm     f4e464d473a1cafafe7ca72e6f4b39ad
 
IA-32:
kon2-0.3.9b-14.as21.1.i386.rpm     e5e569cc3bf689ed2baaa9eea718e287
kon2-fonts-0.3.9b-14.as21.1.i386.rpm     775c31bb1e6371e3a806527d4221c4a2
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
kon2-0.3.9b-14.as21.1.src.rpm     f4e464d473a1cafafe7ca72e6f4b39ad
 
IA-32:
kon2-0.3.9b-14.as21.1.i386.rpm     e5e569cc3bf689ed2baaa9eea718e287
kon2-fonts-0.3.9b-14.as21.1.i386.rpm     775c31bb1e6371e3a806527d4221c4a2
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
kon2-0.3.9b-14.as21.1.src.rpm     f4e464d473a1cafafe7ca72e6f4b39ad
 
IA-32:
kon2-0.3.9b-14.as21.1.i386.rpm     e5e569cc3bf689ed2baaa9eea718e287
kon2-fonts-0.3.9b-14.as21.1.i386.rpm     775c31bb1e6371e3a806527d4221c4a2
 
(The unlinked packages above are only available from the Red Hat Network)
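
The following Python script is an added example, not part of the Red Hat advisory. It checks a package inventory against the fixed kon2 builds listed above, using a simplified form of RPM's segment-wise version comparison (no '~' or '^' handling). The inventory format and the sample lines are assumptions constructed for illustration.

```python
import re

# Fixed builds listed in this advisory (version-release), keyed by package name.
FIXED = {"kon2": "0.3.9b-14.as21.1", "kon2-fonts": "0.3.9b-14.as21.1"}
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")  # maximal digit or letter runs

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment.
    Separators only delimit segments. Returns -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare '[epoch:]version-release' strings; a missing epoch counts as 0."""
    def split(evr):
        epoch, _, rest = evr.rpartition(":")
        version, _, release = rest.partition("-")
        return epoch or "0", version, release
    for x, y in zip(split(a), split(b)):
        c = rpmvercmp(x, y)
        if c:
            return c
    return 0

def audit(inventory):
    """Return (name, installed, status) for each package this advisory covers.
    Assumed input: one 'NAME VERSION-RELEASE' pair per line, e.g. from
    rpm -qa with a query format of %{NAME} %{VERSION}-%{RELEASE}."""
    findings = []
    for line in inventory.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in FIXED:
            name, evr = parts
            ok = evr_cmp(evr, FIXED[name]) >= 0
            findings.append((name, evr, "ok" if ok else "needs update"))
    return findings

# Constructed sample inventory (not real host data).
SAMPLE = "kon2 0.3.9b-13\nkon2-fonts 0.3.9b-14.as21.1\nbash 2.05-8\n"
if __name__ == "__main__":
    print(audit(SAMPLE))
```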

Bugs fixed (see bugzilla for more information)

78109 - CAN-2002-1155 AS2.1: Users can gain root access with kon2


Keywords

flaw:buf


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/