Multiple Linux Vendor KON (Kanji On Console) Buffer Overflow Vulnerability

BID:1371

Info

Bugtraq ID: 1371
Class: Boundary Condition Error
CVE: CVE-2000-0606, CVE-2000-0607
Remote: No
Local: Yes
Published: Jun 21 2000 12:00AM
Updated: Jul 11 2009 02:56AM
Credit: This vulnerability was posted to the Bugtraq mailing list by Chris Evans on Mon, Jun 19 2000. A detailed follow-up with an exploit was developed and posted by "Black Sphere" on Fri, Aug 4 2000.
Vulnerable: Redhat Kon2 0.3.9
- Debian Linux 2.3
- Debian Linux 2.2 pre potato
- Debian Linux 2.2
- Debian Linux 2.1
- Debian Linux 2.0 r5
- Debian Linux 2.0 r2
- Debian Linux 2.0
- Mandriva Linux Mandrake 7.0
- Mandriva Linux Mandrake 6.1
- Redhat Linux 6.2 i386
- Redhat Linux 6.1 i386
- Redhat Linux 5.2 i386
- Redhat Linux 5.1
- Redhat Linux 5.0
Mandriva Linux Mandrake 7.1
Mandriva Linux Mandrake 7.0
Not Vulnerable:

Discussion

KON (Kanji On Console) is a package for displaying Kanji text under Linux. It comes with two setuid binaries, kon and fld, both of which are vulnerable to buffer overflows. fld accepts options input from a text file; through this mechanism it is possible to place arbitrary code on the stack and spawn a root shell. The overflow in fld is reached via the command line options -t bdf <file to be read>. The overflow in kon can be exploited via the -StartupMessage command line option.

Solution / Fix

Solution:
Remove the setuid bit on kon and fld.
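
One way to apply and verify this fix, as an added example that is not part of the original advisory. The advisory does not give install paths, so the search directories, the KON_DIRS variable and the function names here are assumptions to adjust per system.

```shell
#!/bin/sh
# Added example: audit for setuid kon/fld binaries and strip the bit.
# The advisory names the binaries but not where they are installed, so
# the default search directories below are assumptions.
KON_DIRS="${KON_DIRS:-/bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/X11R6/bin}"

# Print every regular file named kon or fld under the given directories
# that still carries the setuid bit (mode 4000).
find_suid_kon() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f \( -name kon -o -name fld \) -perm -4000 -print
    done
}

# Strip the setuid bit from each finding, then re-scan.
# Returns 0 only when no setuid kon/fld is left in the given directories.
strip_suid_kon() {
    find_suid_kon "$@" | while IFS= read -r f; do
        ls -l "$f"                       # record owner and mode before the change
        chmod u-s "$f" && echo "setuid removed: $f"
    done
    [ -z "$(find_suid_kon "$@")" ]
}

# "--audit" only lists findings; "--fix" (run as root) removes the bit.
# KON_DIRS is left unquoted on purpose so it splits into directories.
case "${1:-}" in
    --audit) find_suid_kon $KON_DIRS ;;
    --fix)   strip_suid_kon $KON_DIRS ;;
esac
```

A package upgrade or reinstall can restore the original file mode, so rerun the audit after package operations.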
