Title: Canna subsystem 'uum' Buffer Overflow Vulnerability
Severity: HIGH
Description:
Canna is a Japanese input system available as free software. Canna provides a unified user interface for inputting Japanese.
Canna supports Nemacs (Mule), kinput2 and canuum. All of these tools share a single customization file, the same romaji-to-kana conversion rules and the same conversion dictionaries, so Japanese is input in the same way in each.
Canna converts kana to kanji based on a client-server model and supports automatic kana-to-kanji conversion.
The Canna subsystem on certain UNIX versions contains a buffer overflow in the 'uum' program. Uum is a Japanese input tty frontend for Canna. Regrettably, certain versions are vulnerable to a buffer overflow attack via unchecked user-supplied data passed with the '-D' option. Since 'uum' is installed SUID root, this may result in a root-level compromise.
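The kind of fix this flaw calls for, as an added example (not code from Canna, uum or this advisory): a bounded copy of a '-D' option value into a fixed buffer that rejects over-long input instead of writing past the end. The buffer size, the function names and the parser are assumptions, since the page does not show uum's source.

```c
#include <stdio.h>
#include <string.h>

#define OPT_BUF_LEN 64 /* assumed size; the page does not give uum's buffer size */

/* Unchecked pattern of the kind the advisory describes (shown only as a comment):
 *     strcpy(dst, value);    // no length check on a user-supplied argument
 */

/* Bounded copy: 0 on success, -1 if value is missing or does not fit in
 * dst_len bytes including the terminating NUL. dst is left as "" on failure. */
int copy_option_value(char *dst, size_t dst_len, const char *value)
{
    size_t n;
    if (dst == NULL || dst_len == 0)
        return -1;
    dst[0] = '\0';
    if (value == NULL)
        return -1;
    for (n = 0; n < dst_len && value[n] != '\0'; n++)
        ;                        /* measure, reading at most dst_len bytes */
    if (n == dst_len)
        return -1;               /* too long: reject instead of truncating */
    memcpy(dst, value, n + 1);   /* n + 1 <= dst_len, includes the NUL */
    return 0;
}

/* Hypothetical parser for "-D value" and "-Dvalue"; not uum's own code. */
int parse_dash_D(int argc, char **argv, char *out, size_t out_len)
{
    int i;
    for (i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-D") == 0)
            return (i + 1 < argc) ? copy_option_value(out, out_len, argv[i + 1]) : -1;
        if (strncmp(argv[i], "-D", 2) == 0)
            return copy_option_value(out, out_len, argv[i] + 2);
    }
    return copy_option_value(out, out_len, "");   /* option absent */
}

int main(int argc, char **argv)
{
    char value[OPT_BUF_LEN];
    if (parse_dash_D(argc, argv, value, sizeof value) != 0) {
        fprintf(stderr, "invalid -D argument\n");
        return 1;
    }
    printf("-D value: \"%s\"\n", value);
    return 0;
}
```

In a SUID root program, argument validation of this kind should run before any privileged work, and the failure path should exit rather than continue with a truncated value.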
Affected Products:
- SGI IRIX 5.3.0
- SGI IRIX 6.2.0
- SGI IRIX 6.3.0
- SGI IRIX 6.4.0
- SGI IRIX 6.5.0
- Sun Solaris 2.6
- Sun Solaris 2.6_x86
- Sun Solaris 7.0
- Sun Solaris 7.0_x86
- Turbolinux Turbolinux 4.2.0
References:
- Shadow Penguin Security: Penguin Toolbox #54: EmailClub
- Silicon Graphics Inc.: SGI Support
- Sun Microsystems: Sun Patch Access Page
- Sun Microsystems: Sun Patches List
- TurboLinux: TurboLinux Support
- eEye: eEye Digital Security Team Home Page