Published: 2000-06-21 00:00:00
Revised: 2008-09-10 15:05:12

[Original] Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.

[CNNVD] Multiple Linux Vendor KON (Kanji On Console) Buffer Overflow Vulnerability (CNNVD-200006-084)

        The kon program in the Linux Kanji on Console (KON) package contains a buffer overflow vulnerability. A local user can gain root privileges by supplying a long -StartupMessage parameter.

- CVSS (Base Score)

CVSS score: 7.2 [HIGH]
Confidentiality impact: COMPLETE [total information disclosure; all system files are exposed]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may result in a complete system outage]
Access complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CPE (Affected platforms and products)

cpe:/o:debian:debian_linux:2.0 (Debian Debian Linux 2.0)
cpe:/o:mandrakesoft:mandrake_linux:6.1 (MandrakeSoft Mandrake Linux 6.1)
cpe:/o:redhat:linux:6.2 (Red Hat Linux 6.2)
cpe:/o:debian:debian_linux:2.2 (Debian Debian Linux 2.2)
cpe:/o:redhat:linux:5.1 (Red Hat Linux 5.1)
cpe:/o:redhat:linux:6.1 (Red Hat Linux 6.1)
cpe:/o:mandrakesoft:mandrake_linux:7.1 (MandrakeSoft Mandrake Linux 7.1)
cpe:/o:redhat:linux:5.0 (Red Hat Linux 5.0)
cpe:/o:debian:debian_linux:2.1 (Debian Debian Linux 2.1)
cpe:/o:redhat:linux:5.2 (Red Hat Linux 5.2)
cpe:/o:debian:debian_linux:2.3 (Debian Debian Linux 2.3)
cpe:/o:mandrakesoft:mandrake_linux:7.0 (MandrakeSoft Mandrake Linux 7.0)

- OVAL (Technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources
(VENDOR_ADVISORY)  BUGTRAQ  20000619 Problems with "kon2" package
(UNKNOWN)  BID  1371

- Vulnerability Information

Multiple Linux Vendor KON (Kanji On Console) Buffer Overflow Vulnerability
Severity: High    Type: Buffer overflow
Published: 2000-06-21 00:00:00    Updated: 2005-10-20 00:00:00
        The kon program in the Linux Kanji on Console (KON) package contains a buffer overflow vulnerability. A local user can gain root privileges by supplying a long -StartupMessage parameter.

- Advisories and Patches

        Remove the setuid bit on kon and fld.

- Vulnerability Information

Kanji on Console (KON) kon -StartupMessage Parameter Local Overflow
Classification: Input Manipulation
Impact: Loss of Integrity

- Vulnerability Description

Unknown or Incomplete

- Timeline

2000-06-21 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- References

- Credit

Unknown or Incomplete

- Vulnerability Information

Multiple Linux Vendor KON (Kanji On Console) Buffer Overflow Vulnerability
Class: Boundary Condition Error    Bugtraq ID: 1371
Remote: No    Local: Yes
Published: 2000-06-21 12:00:00    Updated: 2009-07-11 02:56:00
This vulnerability was posted to the Bugtraq mailing list by Chris Evans <> on Mon, Jun 19 2000. A detailed follow-up with an exploit was developed and posted by "Black Sphere" <> on Fri, Aug 4 2000.

- Affected Program Versions

RedHat Kon2 0.3.9
- Debian Linux 2.3
- Debian Linux 2.2 pre potato
- Debian Linux 2.2
- Debian Linux 2.1
- Debian Linux 2.0 r5
- Debian Linux 2.0 r2
- Debian Linux 2.0
- Mandriva Linux Mandrake 7.0
- Mandriva Linux Mandrake 6.1
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- RedHat Linux 5.2 i386
- RedHat Linux 5.1
- RedHat Linux 5.0
Mandriva Linux Mandrake 7.1
Mandriva Linux Mandrake 7.0

- Vulnerability Discussion

KON (Kanji On Console) is a package for displaying Kanji text under Linux and comes with two setuid binaries which are vulnerable to buffer overflows. "fld", one of the vulnerable programs, accepts option input from a text file. Through this mechanism it is possible to place arbitrary code on the stack and spawn a root shell. The other binary, kon, suffers from a buffer overflow as well. The buffer overflow in kon can be exploited via the -StartupMessage command line option, and the one in fld via the command line options: -t bdf <file to be read>

- Exploit

See the message by "Black Sphere" under "Credit" for a full description of how this exploit code is used to obtain a root shell.

- Solution

Remove the setuid bit on kon and fld.

- References