Debian DSA-112-1 : hanterm - buffer overflow

high Nessus Plugin ID 14949

Synopsis

The remote Debian host is missing a security-related update.

Description

A set of buffer overflow problems have been found in hanterm, a Hangul terminal for X11 derived from xterm, that will read and display Korean characters in its terminal window. The font handling code in hanterm uses hard limited string variables but didn't check for boundaries.

This problem can be exploited by a malicious user to gain access to the utmp group which is able to write the wtmp and utmp files. These files record login and logout activities.

Solution

Upgrade the hanterm packages immediately if you have them installed.
Known exploits are already available.

This problem has been fixed in version 3.3.1p17-5.2 for the stable Debian distribution. A fixed package for the current testing/unstable distribution is not yet available but will have a version number higher than 3.3.1p18-6.1.

See Also

http://www.debian.org/security/2002/dsa-112

Plugin Details

Severity: High

ID: 14949

File Name: debian_DSA-112.nasl

Version: 1.17

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:hanterm, cpe:/o:debian:debian_linux:2.2

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 2/16/2002

Reference Information

CVE: CVE-2002-0239

DSA: 112