Multiple Linux Vendor KON (Kanji On Console) Buffer Overflow Vulnerability

KON (Kanji On Console) is a package for displaying Kanji text under Linux and comes with two suid binaries which are vulnerable to buffer overflows. "fld", one of the vulnerable programs, accepts options input from a text file. Through this mechanism it is possible to input arbitrary code into the stack and spawn a root shell. The other binary, kon, suffers from a buffer overflow as well. The buffer overflow in kon can be exploited via the -StartupMessage command line option, and fld via the command line options: -t bdf <file to be read>


 

Privacy Statement
Copyright 2010, SecurityFocus