[Japanese]

JVNDB-2002-000291

Canna irw_through Buffer Overflow Vulnerability

Overview

Canna contains a buffer overflow vulnerability in the irw_through function.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 7.2 (High) [NVD Score]
  • Access Vector: Local
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
Affected Products


Canna Project.
  • Canna prior to version 3.6
Red Hat, Inc.
  • Red Hat Linux 7.1
  • Red Hat Linux 7.2
  • Red Hat Linux 7.3
  • Red Hat Linux 8.0

Impact

A local attacker could execute arbitrary code with the privileges of the 'bin' user.
Solution

Please refer to the 'Vendor Information' section for official remediation and take appropriate action.
Vendor Information

Canna Project. Red Hat, Inc.
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2002-1158
References

  1. National Vulnerability Database (NVD) : CVE-2002-1158
  2. SecurityFocus : 6351
  3. ISS X-Force Database : 10831
Revision History

  • [2008/05/21]
      Web page published