Rapid7 Vulnerability & Exploit Database

CESA-2003:050: kon2 security update


Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published: 06/16/2003
Created: 07/25/2018
Added: 03/12/2010
Modified: 07/04/2017

Description

A buffer overflow in kon2 allows local users to obtain root privileges.

KON is a Kanji emulator for the console. There is a buffer overflow vulnerability in the command-line parsing code of the kon program, in versions up to and including 0.3.9b. If appropriately exploited, this vulnerability can allow local users to gain escalated (root) privileges. All users of kon2 should update to these errata packages, which contain a patch to fix this vulnerability. CentOS would like to thank Janusz Niewiadomski for notifying us of this issue.

Solution(s)

  • centos-upgrade-kon2
  • centos-upgrade-kon2-fonts
