RHEL 2.1 : Canna (RHSA-2002:261)

This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

The Canna server, used for Japanese character input, has two security
vulnerabilities including an exploitable buffer overflow that allows a
local user to gain 'bin' user privileges. Updated packages for Red Hat
Linux Advanced Server are available.

[Updated 13 Jan 2003] Added fixed packages for the Itanium (IA64)

[Updated 06 Feb 2003] Added fixed packages for Advanced Workstation

Canna is a kana-kanji conversion server which is necessary for
Japanese language character input.

A buffer overflow bug in the Canna server up to and including version
3.5b2 allows a local user to gain the privileges of the user 'bin'
which can lead to further exploits. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2002-1158
to this issue.

In addition, it was discovered that request validation was lacking in
Canna server versions 3.6 and earlier. A malicious remote user could
exploit this vulnerability to leak information or cause a denial of
service. (CVE-2002-1159)

Red Hat Linux Advanced Server ships with a Canna package vulnerable to
these issues; however, the package is normally only installed when
Japanese language support is selected during installation.

All users of Canna are advised to upgrade to these errata packages
which contain a backported security fix and are not vulnerable to this

Red Hat would like to thank hsj and AIDA Shinra for the responsible
disclosure of these issues.

Solution :

Update the affected Canna, Canna-devel and / or Canna-libs packages.

Risk factor :

High / CVSS Base Score : 7.2

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12336

CVE ID: CVE-2002-1158
