Vulnerabilities > CVE-2002-0239 - Local Buffer Overflow vulnerability in Hanterm 3.3/3.3.1

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
hanterm
nessus
exploit available

Summary

Buffer overflow in hanterm 3.3.1 and earlier allows local users to execute arbitrary code via a long string in the (1) -fn, (2) -hfb, or (3) -hfn argument.

Vulnerable Configurations

Part Description Count
Application
Hanterm
2

Exploit-Db

  • description: Hanterm 3.3 Local Buffer Overflow Vulnerability (2). CVE-2002-0239. Local exploit for linux platform
    id: EDB-ID:21281
    last seen: 2016-02-02
    modified: 2002-02-07
    published: 2002-02-07
    reporter: xperc
    source: https://www.exploit-db.com/download/21281/
    title: Hanterm 3.3 - Local Buffer Overflow Vulnerability 2
  • description: Hanterm 3.3 Local Buffer Overflow Vulnerability (1). CVE-2002-0239. Local exploit for linux platform
    id: EDB-ID:21280
    last seen: 2016-02-02
    modified: 2002-02-07
    published: 2002-02-07
    reporter: Xpl017Elz
    source: https://www.exploit-db.com/download/21280/
    title: Hanterm 3.3 - Local Buffer Overflow Vulnerability 1

Nessus

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-112.NASL
description: A set of buffer overflow problems have been found in hanterm, a Hangul terminal for X11 derived from xterm, that will read and display Korean characters in its terminal window. The font handling code in hanterm uses hard limited string variables but didn't check for boundaries.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 14949
published: 2004-09-29
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/14949
title: Debian DSA-112-1 : hanterm - buffer overflow
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-112. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

# Registration branch: when the plugin is loaded with `description` set, it only
# declares its metadata (IDs, texts, scoring, prerequisites) and exits via the
# exit(0) at the end of this block, before any host check below is reached.
if (description)
{
  script_id(14949);
  script_version("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:16");

  # Cross-references that tie a finding to the CVE entry and to Debian
  # Security Advisory 112.
  script_cve_id("CVE-2002-0239");
  script_xref(name:"DSA", value:"112");

  script_name(english:"Debian DSA-112-1 : hanterm - buffer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  # Advisory text: unchecked copies into fixed-size strings in the font
  # handling code; the stated impact is access to the utmp group, which can
  # write the wtmp and utmp login records.
  script_set_attribute(
    attribute:"description", 
    value:
"A set of buffer overflow problems have been found in hanterm, a Hangul
terminal for X11 derived from xterm, that will read and display Korean
characters in its terminal window. The font handling code in hanterm
uses hard limited string variables but didn't check for boundaries.

This problem can be exploited by a malicious user to gain access to
the utmp group which is able to write the wtmp and utmp files. These
files record login and logout activities."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2002/dsa-112"
  );
  # The remediation text is a snapshot of the 2002 advisory: it names the fixed
  # stable version and says no testing/unstable fix existed at that time.
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the hanterm packages immediately if you have them installed.
Known exploits are already available.

This problem has been fixed in version 3.3.1p17-5.2 for the stable
Debian distribution. A fixed package for the current testing/unstable
distribution is not yet available but will have a version number
higher than 3.3.1p18-6.1."
  );
  # CVSS v2 base vector: local access, low complexity, no authentication,
  # complete confidentiality/integrity/availability impact.
  # NOTE(review): the advisory text above limits the impact to utmp group
  # access, so this vector presumably mirrors the score published for the CVE
  # rather than the Debian assessment - confirm before using it for triage.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");

  # Declared as a local check; the two CPE attributes name the hanterm package
  # and Debian 2.2.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:hanterm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");

  # The fix dates from 2002/02/16; the plugin itself was published 2004/09/29.
  script_set_attribute(attribute:"patch_publication_date", value:"2002/02/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_end_attributes();

  # ACT_GATHER_INFO presumably classes this as a read-only information
  # gathering check - confirm against the NASL category definitions.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  # Prerequisites: the three KB keys listed here are the same ones the check
  # section reads after this block. ssh_get_info.nasl presumably populates them
  # from an authenticated session - verify against that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  # Metadata only: stop here so that no host check runs during registration.
  exit(0);
}


include("audit.inc");
include("debian_package.inc");


# Preconditions, each read from the scanner knowledge base: local checks must
# be enabled, the host must have a recorded Debian release, and a dpkg package
# listing must be present. A missing key is handed to audit() with the
# matching audit code.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release"))
  audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l"))
  audit(AUDIT_PACKAGE_LIST_MISSING);


# Package-version test only: nothing in this script inspects the hanterm binary
# or its permissions. Only release "2.2" is passed to deb_check(), so other
# Debian releases are not evaluated by this plugin.
# NOTE(review): deb_check() presumably comes from debian_package.inc and
# returns true when the installed hanterm is older than the reference version;
# confirm there.
needs_update = deb_check(release:"2.2", prefix:"hanterm", reference:"3.3.1p17-5.2");

if (!needs_update) audit(AUDIT_HOST_NOT, "affected");
else
{
  # Attach the deb_report_get() text only when report verbosity is above 0.
  if (report_verbosity > 0)
    security_hole(port:0, extra:deb_report_get());
  else
    security_hole(0);
  exit(0);
}