Omron WorldView Wnn Asian Language Server Remote Buffer Overflow Vulnerability

A remote buffer overflow exists in the Asian language servers portion of a number of different implementations of Wnn. It has been reported that only systems that have WorldView Japanese, Korean, and Chinese installed are vulnerable to this issue. Wnn is a Kana-Kanji translation system, most commonly used for foreign language support in Unix systems.

An overflow exists when the server receives a long string with a Wnn command, such as JS_OPEN, JS_MKDIR or JS_FILE_INFO included. By creating a buffer containing machine executable code, it is possible to cause a remote system running the jserver daemon to execute arbitrary commands as the user the daemon is running as. This is frequently root.


 

Privacy Statement
Copyright 2010, SecurityFocus