Info

Disclosure

Jun 03, 2003

Discovery

Unknown

Dates

Exploit

Jun 16, 2003

Solution

Unknown

Description

A local overflow exists in kon2. The "kon" program fails to sanitize buffer input resulting in a buffer overflow. With a specially crafted request, an attacker can gain root privileges resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public

Solution

Upgrade to version 0.3.9b-1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

kon2

0.3.9

References

ISS X-Force ID: 12143
CVE ID: 2002-1155 (see also: NVD)
Generic Exploit URL: http://archives.neohapsis.com/archives/bugtraq/2003-06/0019.html
http://archives.neohapsis.com/archives/bugtraq/2003-06/0105.html
Vendor Specific Advisory URL: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:064
https://rhn.redhat.com/errata/RHSA-2003-047.html
https://rhn.redhat.com/errata/RHSA-2003.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/2094