RHEL 2.1 : kon2 (RHSA-2003:050)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

A buffer overflow in kon2 allows local users to obtain root
privileges.

KON is a Kanji emulator for the console. There is a buffer overflow
vulnerability in the command-line parsing code of the kon program, up
to and including version 0.3.9b. If appropriately exploited, this
vulnerability can allow local users to gain escalated (root)
privileges.

All users of kon2 should update to these errata packages, which
contain a patch to fix this vulnerability.

Red Hat would like to thank Janusz Niewiadomski for notifying us of
this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2002-1155.html
http://rhn.redhat.com/errata/RHSA-2003-050.html

Solution :

Update the affected kon2 and / or kon2-fonts packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12363

Bugtraq ID:

CVE ID: CVE-2002-1155