CVE-2002-1159

2002-12-18T05:00:00

Description

Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak.

Affected Package

OS	OS Version	Package Name	Package Version
Debian	12	canna	3.7p3-19
Debian	11	canna	3.7p3-16
Debian	10	canna	3.7p3-14
Debian	999	canna	3.7p3-19
Debian	9	canna	3.7p3-14~deb9u1

{"id": "DEBIANCVE:CVE-2002-1159", "vendorId": null, "type": "debiancve", "bulletinFamily": "info", "title": "CVE-2002-1159", "description": "Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak.", "published": "2002-12-18T05:00:00", "modified": "2002-12-18T05:00:00", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4}, "severity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {}, "href": "https://security-tracker.debian.org/tracker/CVE-2002-1159", "reporter": "Debian Security Bug Tracker", "references": [], "cvelist": ["CVE-2002-1159"], "immutableFields": [], "lastseen": "2022-06-02T05:58:42", "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2002-1159"]}, {"type": "debian", "idList": ["DEBIAN:DSA-224-1:72F73", "DEBIAN:DSA-224-1:C46DC"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-224.NASL", "REDHAT-RHSA-2002-261.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:53720"]}, {"type": "redhat", "idList": ["RHSA-2002:261"]}], "rev": 4}, "score": {"value": 4.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2002-1159"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2002-261.NASL"]}]}, "exploitation": null, "vulnersScore": 4.6}, "_state": {"dependencies": 0}, "_internal": {}, "affectedPackage": [{"OS": "Debian", "OSVersion": "12", "arch": "all", "packageFilename": "canna_3.7p3-19_all.deb", "packageVersion": "3.7p3-19", "operator": "lt", "status": "resolved", "packageName": "canna"}, {"OS": "Debian", "OSVersion": "11", "arch": "all", "packageFilename": "canna_3.7p3-16_all.deb", "packageVersion": "3.7p3-16", "operator": "lt", "status": "resolved", "packageName": "canna"}, {"OS": "Debian", "OSVersion": "10", "arch": "all", "packageFilename": "canna_3.7p3-14_all.deb", "packageVersion": "3.7p3-14", "operator": "lt", "status": "resolved", "packageName": "canna"}, {"OS": "Debian", "OSVersion": "999", "arch": "all", "packageFilename": "canna_3.7p3-19_all.deb", "packageVersion": "3.7p3-19", "operator": "lt", "status": "resolved", "packageName": "canna"}, {"OS": "Debian", "OSVersion": "9", "arch": "all", "packageFilename": "canna_3.7p3-14~deb9u1_all.deb", "packageVersion": "3.7p3-14~deb9u1", "operator": "lt", "status": "resolved", "packageName": "canna"}]}

{"cve": [{"lastseen": "2022-03-23T13:14:26", "description": "Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak.", "cvss3": {}, "published": "2002-12-18T05:00:00", "type": "cve", "title": "CVE-2002-1159", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2002-1159"], "modified": "2018-05-03T01:29:00", "cpe": ["cpe:/a:canna:canna:3.6", "cpe:/a:canna:canna:3.5b2"], "id": "CVE-2002-1159", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1159", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:a:canna:canna:3.6:*:*:*:*:*:*:*", "cpe:2.3:a:canna:canna:3.5b2:*:*:*:*:*:*:*"]}], "debian": [{"lastseen": "2021-11-30T14:18:07", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 224-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nJanuary 8th, 2002 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : canna\nVulnerability : buffer overflow and more\nProblem-Type : local, remote\nDebian-specific: no\nCVE Id : CAN-2002-1158 CAN-2002-1159\nBugTraq Id : 6351 6354\n\nSeveral vulnerabilities have been discovered in canna, a Japanese\ninput system. The Common Vulnerabilities and Exposures (CVE) project\nidentified the following vulnerabilities:\n\n * CAN-2002-1158 (BugTraq Id 6351): "hsj" of Shadow Penguin Security\n discovered a heap overflow vulnerability in the irw_through\n function in canna server.\n\n * CAN-2002-1159 (BugTraq Id 6354): Shinra Aida of the Canna project\n discovered that canna does not properly validate requests, which\n allows remote attackers to cause a denial of service or information\n leak.\n\nFor the current stable distribution (woody) these problems have been\nfixed in version 3.5b2-46.2.\n\nFor the old stable distribution (potato) these problems have been\nfixed in version 3.5b2-25.2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 3.6p1-1.\n\nWe recommend that you upgrade your canna packages.\n\n\nInstallation Instructions\n- -------------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 2.2 alias potato\n- ---------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2.dsc\n Size/MD5 checksum: 621 3eefe4cadee26f2e74c148836428d6b1\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2.diff.gz\n Size/MD5 checksum: 131811 63bb6ebf66965b21fd2d80107f720dad\n http://ftp.debian.org/debian/dists/potato/main/source/utils/canna_3.5b2.orig.tar.gz\n Size/MD5 checksum: 1328622 5e1d8527d397c3914ce6104dac3db466\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2_alpha.deb\n Size/MD5 checksum: 901812 a4b31bcbfc19c9ce1ee5575595399301\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-25.2_alpha.deb\n Size/MD5 checksum: 119214 74679fa94fd305f40bb396dc993ba780\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-25.2_alpha.deb\n Size/MD5 checksum: 478650 1e2d41c1ebca00e898652dcf720492a3\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-25.2_alpha.deb\n Size/MD5 checksum: 701894 a402fb38f84c3315e71efc468c009324\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2_arm.deb\n Size/MD5 checksum: 839926 6b88eb89835706fa151d393dadbedd1a\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-25.2_arm.deb\n Size/MD5 checksum: 107114 21b9623c1d662b2d23017634ebcb69dc\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-25.2_arm.deb\n Size/MD5 checksum: 409604 01e0b806a238fdf417d6892ab929b1d5\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-25.2_arm.deb\n Size/MD5 checksum: 593312 f04a0c824bed79d0e5ea6ee13a9ee838\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2_i386.deb\n Size/MD5 checksum: 831452 79ede5024732deae7a3f106ca94d1d65\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-25.2_i386.deb\n Size/MD5 checksum: 104902 5e7805af7d37cb33729cb4dac9eba20b\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-25.2_i386.deb\n Size/MD5 checksum: 378598 6caec31ea8eb30886c67ea6b6b7f1de2\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-25.2_i386.deb\n Size/MD5 checksum: 524486 e1a321f6b721c3558d01c30bb7853ed0\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2_m68k.deb\n Size/MD5 checksum: 822694 eb6ffca2442a0e349d75442c39b60058\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-25.2_m68k.deb\n Size/MD5 checksum: 103996 569c48f8230b8a32e1566abbe8119a97\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-25.2_m68k.deb\n Size/MD5 checksum: 372478 c70244a70b11a0a12469e73a5d45700a\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-25.2_m68k.deb\n Size/MD5 checksum: 508900 e558da07384019b14c8efa35f158e170\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2_powerpc.deb\n Size/MD5 checksum: 845414 1849c1ebc46de0d049adc7bc1c380a81\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-25.2_powerpc.deb\n Size/MD5 checksum: 107140 9835e3fd5976e3c7e62dfb769613d497\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-25.2_powerpc.deb\n Size/MD5 checksum: 416796 59a13d718787b3b9a74b5beaa0722700\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-25.2_powerpc.deb\n Size/MD5 checksum: 599540 4a6525eb645302b33ae3e5e36a00e635\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2_sparc.deb\n Size/MD5 checksum: 847992 32bfeca9c41f4e3ed1b804964c207bb2\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-25.2_sparc.deb\n Size/MD5 checksum: 110630 ee56c9b88d636deb461e5c1bba7a60c1\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-25.2_sparc.deb\n Size/MD5 checksum: 408062 836871565f8372f2c445a21ca92a2c68\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-25.2_sparc.deb\n Size/MD5 checksum: 577680 d63570ae5d9e77f5355946790cfb7a41\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2.dsc\n Size/MD5 checksum: 638 e6a1b43dc49307acf2232ff96f35bbc2\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2.diff.gz\n Size/MD5 checksum: 33551 ecbe79a69a1a3d6becad7c64ae145cf2\n http://ftp.debian.org/debian/pool/main/c/canna/canna_3.5b2.orig.tar.gz\n Size/MD5 checksum: 1328622 5e1d8527d397c3914ce6104dac3db466\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_alpha.deb\n Size/MD5 checksum: 823240 13ce880cf2a307fad02871c0b0038cb4\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_alpha.deb\n Size/MD5 checksum: 100324 fe7df07f7d8c32350c78700b4676f767\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_alpha.deb\n Size/MD5 checksum: 519324 4086143d75c9f471ad2af710d57224e9\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_alpha.deb\n Size/MD5 checksum: 686028 fa5becb891994f09e7d908fea479567f\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_arm.deb\n Size/MD5 checksum: 758898 6a1c2f4c4aaa5b4df360cca2abb5df05\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_arm.deb\n Size/MD5 checksum: 88512 67bafc9f80f6d7f456112bbd25c03eef\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_arm.deb\n Size/MD5 checksum: 500828 25f5b111b3b2b0f85bc362f31de0bf9f\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_arm.deb\n Size/MD5 checksum: 639694 01e1fb9e5b03abb0b03534597369a4cd\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_i386.deb\n Size/MD5 checksum: 739140 d4027259233371417daf83cae364821f\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_i386.deb\n Size/MD5 checksum: 85214 c4be85826d987cdb998f8d1553a717bb\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_i386.deb\n Size/MD5 checksum: 425070 783ab8b9e218e7417f28f7e3fd39ab75\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_i386.deb\n Size/MD5 checksum: 504722 8a0fc6ba30e79b2d5ec934389e3a318b\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_ia64.deb\n Size/MD5 checksum: 856744 e272ef5eccb4003dfc708bc8f0a2544d\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_ia64.deb\n Size/MD5 checksum: 100296 0b691e644367fa7d59c482e14c254bd2\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_ia64.deb\n Size/MD5 checksum: 666068 4a04e7e5b3f492aba777d9c33836dec9\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_ia64.deb\n Size/MD5 checksum: 804446 c3ab0c92a439f47052bdfb148355dfd9\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_hppa.deb\n Size/MD5 checksum: 772614 2c6a51539363707b41286615e218179e\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_hppa.deb\n Size/MD5 checksum: 91900 f794a31a494a3a4fd80c59483dd2e0f2\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_hppa.deb\n Size/MD5 checksum: 538634 8463c3acf431f83ef826eeadfc3eb99f\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_hppa.deb\n Size/MD5 checksum: 657552 411a1f10c969547fddb6f047b42f0a63\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_m68k.deb\n Size/MD5 checksum: 731182 136da3d7cfcda71f7275de0988fb4561\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_m68k.deb\n Size/MD5 checksum: 84238 8364257de6f6894d5d726f9b49dce6d0\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_m68k.deb\n Size/MD5 checksum: 416908 52bc57f534f6e7e0fe4dada16169894f\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_m68k.deb\n Size/MD5 checksum: 489564 5878a41af5746a1b5841b5f1f6e0e28e\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_mips.deb\n Size/MD5 checksum: 780574 157e20672ee009fc835302cfad23ad11\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_mips.deb\n Size/MD5 checksum: 88902 b5e9cf919b016e6ab228a9c124dbdd52\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_mips.deb\n Size/MD5 checksum: 460170 55133178c7171a351e9bd38352add4ff\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_mips.deb\n Size/MD5 checksum: 646012 b86efd7dfe44e1ec7f79910627c8a97c\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_mipsel.deb\n Size/MD5 checksum: 780858 799c1e5c951d87bbe1e8e31b8c140d6e\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_mipsel.deb\n Size/MD5 checksum: 89624 7dc318acd3a3bc47d3cae6f7f9fcb51a\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_mipsel.deb\n Size/MD5 checksum: 456680 b083f96b73d2bcad81f0580a4dd968f8\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_mipsel.deb\n Size/MD5 checksum: 642386 27ee527a1678350d0774bd50d72a088f\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_powerpc.deb\n Size/MD5 checksum: 755676 d14a7985c636adf7ab3eeac2bf6d8196\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_powerpc.deb\n Size/MD5 checksum: 87340 7900b21a0b313a48a4da0e3cd21226dd\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_powerpc.deb\n Size/MD5 checksum: 463002 fdd0e14b54166b77511ae2856446a1df\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_powerpc.deb\n Size/MD5 checksum: 583258 598d5ef438106cc397265b23944858e2\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_s390.deb\n Size/MD5 checksum: 746032 5c13e6423f752ce11d79744084f5d2ac\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_s390.deb\n Size/MD5 checksum: 86426 08d17ab5d22e05a77058f7268e598561\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_s390.deb\n Size/MD5 checksum: 476894 5f7b7dcc9d30c37ef5fbbb8f18d3ac6d\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_s390.deb\n Size/MD5 checksum: 545124 e886f6baafab20ebe610dcd274d62488\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_sparc.deb\n Size/MD5 checksum: 764686 0fc60862883949010d2220cb0c03aab3\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_sparc.deb\n Size/MD5 checksum: 94930 7a3157038ea8eb7d4108070233c6b16a\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_sparc.deb\n Size/MD5 checksum: 455632 6a02a0193344f0631ff27c74abcf80af\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_sparc.deb\n Size/MD5 checksum: 559814 693a3e65fd8c2b963538f47560f89782\n\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2003-01-08T15:26:41", "type": "debian", "title": "[SECURITY] [DSA 224-1] New canna packages fix buffer overflow and denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2002-1158", "CVE-2002-1159"], "modified": "2003-01-08T15:26:41", "id": "DEBIAN:DSA-224-1:C46DC", "href": "https://lists.debian.org/debian-security-announce/2003/msg00004.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-22T09:12:11", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 224-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nJanuary 8th, 2002 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : canna\nVulnerability : buffer overflow and more\nProblem-Type : local, remote\nDebian-specific: no\nCVE Id : CAN-2002-1158 CAN-2002-1159\nBugTraq Id : 6351 6354\n\nSeveral vulnerabilities have been discovered in canna, a Japanese\ninput system. The Common Vulnerabilities and Exposures (CVE) project\nidentified the following vulnerabilities:\n\n * CAN-2002-1158 (BugTraq Id 6351): "hsj" of Shadow Penguin Security\n discovered a heap overflow vulnerability in the irw_through\n function in canna server.\n\n * CAN-2002-1159 (BugTraq Id 6354): Shinra Aida of the Canna project\n discovered that canna does not properly validate requests, which\n allows remote attackers to cause a denial of service or information\n leak.\n\nFor the current stable distribution (woody) these problems have been\nfixed in version 3.5b2-46.2.\n\nFor the old stable distribution (potato) these problems have been\nfixed in version 3.5b2-25.2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 3.6p1-1.\n\nWe recommend that you upgrade your canna packages.\n\n\nInstallation Instructions\n- -------------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 2.2 alias potato\n- ---------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2.dsc\n Size/MD5 checksum: 621 3eefe4cadee26f2e74c148836428d6b1\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2.diff.gz\n Size/MD5 checksum: 131811 63bb6ebf66965b21fd2d80107f720dad\n http://ftp.debian.org/debian/dists/potato/main/source/utils/canna_3.5b2.orig.tar.gz\n Size/MD5 checksum: 1328622 5e1d8527d397c3914ce6104dac3db466\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2_alpha.deb\n Size/MD5 checksum: 901812 a4b31bcbfc19c9ce1ee5575595399301\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-25.2_alpha.deb\n Size/MD5 checksum: 119214 74679fa94fd305f40bb396dc993ba780\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-25.2_alpha.deb\n Size/MD5 checksum: 478650 1e2d41c1ebca00e898652dcf720492a3\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-25.2_alpha.deb\n Size/MD5 checksum: 701894 a402fb38f84c3315e71efc468c009324\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2_arm.deb\n Size/MD5 checksum: 839926 6b88eb89835706fa151d393dadbedd1a\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-25.2_arm.deb\n Size/MD5 checksum: 107114 21b9623c1d662b2d23017634ebcb69dc\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-25.2_arm.deb\n Size/MD5 checksum: 409604 01e0b806a238fdf417d6892ab929b1d5\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-25.2_arm.deb\n Size/MD5 checksum: 593312 f04a0c824bed79d0e5ea6ee13a9ee838\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2_i386.deb\n Size/MD5 checksum: 831452 79ede5024732deae7a3f106ca94d1d65\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-25.2_i386.deb\n Size/MD5 checksum: 104902 5e7805af7d37cb33729cb4dac9eba20b\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-25.2_i386.deb\n Size/MD5 checksum: 378598 6caec31ea8eb30886c67ea6b6b7f1de2\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-25.2_i386.deb\n Size/MD5 checksum: 524486 e1a321f6b721c3558d01c30bb7853ed0\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2_m68k.deb\n Size/MD5 checksum: 822694 eb6ffca2442a0e349d75442c39b60058\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-25.2_m68k.deb\n Size/MD5 checksum: 103996 569c48f8230b8a32e1566abbe8119a97\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-25.2_m68k.deb\n Size/MD5 checksum: 372478 c70244a70b11a0a12469e73a5d45700a\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-25.2_m68k.deb\n Size/MD5 checksum: 508900 e558da07384019b14c8efa35f158e170\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2_powerpc.deb\n Size/MD5 checksum: 845414 1849c1ebc46de0d049adc7bc1c380a81\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-25.2_powerpc.deb\n Size/MD5 checksum: 107140 9835e3fd5976e3c7e62dfb769613d497\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-25.2_powerpc.deb\n Size/MD5 checksum: 416796 59a13d718787b3b9a74b5beaa0722700\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-25.2_powerpc.deb\n Size/MD5 checksum: 599540 4a6525eb645302b33ae3e5e36a00e635\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-25.2_sparc.deb\n Size/MD5 checksum: 847992 32bfeca9c41f4e3ed1b804964c207bb2\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-25.2_sparc.deb\n Size/MD5 checksum: 110630 ee56c9b88d636deb461e5c1bba7a60c1\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-25.2_sparc.deb\n Size/MD5 checksum: 408062 836871565f8372f2c445a21ca92a2c68\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-25.2_sparc.deb\n Size/MD5 checksum: 577680 d63570ae5d9e77f5355946790cfb7a41\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2.dsc\n Size/MD5 checksum: 638 e6a1b43dc49307acf2232ff96f35bbc2\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2.diff.gz\n Size/MD5 checksum: 33551 ecbe79a69a1a3d6becad7c64ae145cf2\n http://ftp.debian.org/debian/pool/main/c/canna/canna_3.5b2.orig.tar.gz\n Size/MD5 checksum: 1328622 5e1d8527d397c3914ce6104dac3db466\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_alpha.deb\n Size/MD5 checksum: 823240 13ce880cf2a307fad02871c0b0038cb4\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_alpha.deb\n Size/MD5 checksum: 100324 fe7df07f7d8c32350c78700b4676f767\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_alpha.deb\n Size/MD5 checksum: 519324 4086143d75c9f471ad2af710d57224e9\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_alpha.deb\n Size/MD5 checksum: 686028 fa5becb891994f09e7d908fea479567f\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_arm.deb\n Size/MD5 checksum: 758898 6a1c2f4c4aaa5b4df360cca2abb5df05\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_arm.deb\n Size/MD5 checksum: 88512 67bafc9f80f6d7f456112bbd25c03eef\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_arm.deb\n Size/MD5 checksum: 500828 25f5b111b3b2b0f85bc362f31de0bf9f\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_arm.deb\n Size/MD5 checksum: 639694 01e1fb9e5b03abb0b03534597369a4cd\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_i386.deb\n Size/MD5 checksum: 739140 d4027259233371417daf83cae364821f\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_i386.deb\n Size/MD5 checksum: 85214 c4be85826d987cdb998f8d1553a717bb\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_i386.deb\n Size/MD5 checksum: 425070 783ab8b9e218e7417f28f7e3fd39ab75\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_i386.deb\n Size/MD5 checksum: 504722 8a0fc6ba30e79b2d5ec934389e3a318b\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_ia64.deb\n Size/MD5 checksum: 856744 e272ef5eccb4003dfc708bc8f0a2544d\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_ia64.deb\n Size/MD5 checksum: 100296 0b691e644367fa7d59c482e14c254bd2\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_ia64.deb\n Size/MD5 checksum: 666068 4a04e7e5b3f492aba777d9c33836dec9\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_ia64.deb\n Size/MD5 checksum: 804446 c3ab0c92a439f47052bdfb148355dfd9\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_hppa.deb\n Size/MD5 checksum: 772614 2c6a51539363707b41286615e218179e\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_hppa.deb\n Size/MD5 checksum: 91900 f794a31a494a3a4fd80c59483dd2e0f2\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_hppa.deb\n Size/MD5 checksum: 538634 8463c3acf431f83ef826eeadfc3eb99f\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_hppa.deb\n Size/MD5 checksum: 657552 411a1f10c969547fddb6f047b42f0a63\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_m68k.deb\n Size/MD5 checksum: 731182 136da3d7cfcda71f7275de0988fb4561\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_m68k.deb\n Size/MD5 checksum: 84238 8364257de6f6894d5d726f9b49dce6d0\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_m68k.deb\n Size/MD5 checksum: 416908 52bc57f534f6e7e0fe4dada16169894f\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_m68k.deb\n Size/MD5 checksum: 489564 5878a41af5746a1b5841b5f1f6e0e28e\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_mips.deb\n Size/MD5 checksum: 780574 157e20672ee009fc835302cfad23ad11\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_mips.deb\n Size/MD5 checksum: 88902 b5e9cf919b016e6ab228a9c124dbdd52\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_mips.deb\n Size/MD5 checksum: 460170 55133178c7171a351e9bd38352add4ff\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_mips.deb\n Size/MD5 checksum: 646012 b86efd7dfe44e1ec7f79910627c8a97c\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_mipsel.deb\n Size/MD5 checksum: 780858 799c1e5c951d87bbe1e8e31b8c140d6e\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_mipsel.deb\n Size/MD5 checksum: 89624 7dc318acd3a3bc47d3cae6f7f9fcb51a\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_mipsel.deb\n Size/MD5 checksum: 456680 b083f96b73d2bcad81f0580a4dd968f8\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_mipsel.deb\n Size/MD5 checksum: 642386 27ee527a1678350d0774bd50d72a088f\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_powerpc.deb\n Size/MD5 checksum: 755676 d14a7985c636adf7ab3eeac2bf6d8196\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_powerpc.deb\n Size/MD5 checksum: 87340 7900b21a0b313a48a4da0e3cd21226dd\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_powerpc.deb\n Size/MD5 checksum: 463002 fdd0e14b54166b77511ae2856446a1df\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_powerpc.deb\n Size/MD5 checksum: 583258 598d5ef438106cc397265b23944858e2\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_s390.deb\n Size/MD5 checksum: 746032 5c13e6423f752ce11d79744084f5d2ac\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_s390.deb\n Size/MD5 checksum: 86426 08d17ab5d22e05a77058f7268e598561\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_s390.deb\n Size/MD5 checksum: 476894 5f7b7dcc9d30c37ef5fbbb8f18d3ac6d\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_s390.deb\n Size/MD5 checksum: 545124 e886f6baafab20ebe610dcd274d62488\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/c/canna/canna_3.5b2-46.2_sparc.deb\n Size/MD5 checksum: 764686 0fc60862883949010d2220cb0c03aab3\n http://security.debian.org/pool/updates/main/c/canna/canna-utils_3.5b2-46.2_sparc.deb\n Size/MD5 checksum: 94930 7a3157038ea8eb7d4108070233c6b16a\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g_3.5b2-46.2_sparc.deb\n Size/MD5 checksum: 455632 6a02a0193344f0631ff27c74abcf80af\n http://security.debian.org/pool/updates/main/c/canna/libcanna1g-dev_3.5b2-46.2_sparc.deb\n Size/MD5 checksum: 559814 693a3e65fd8c2b963538f47560f89782\n\n\n These files will probably be moved into the stable distribution on\n its next revision.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>", "cvss3": {}, "published": "2003-01-08T15:26:41", "type": "debian", "title": "[SECURITY] [DSA 224-1] New canna packages fix buffer overflow and denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2002-1158", "CVE-2002-1159"], "modified": "2003-01-08T15:26:41", "id": "DEBIAN:DSA-224-1:72F73", "href": "https://lists.debian.org/debian-security-announce/2003/msg00004.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-21T04:44:14", "description": "Canna is a kana-kanji conversion server which is necessary for Japanese\nlanguage character input. \n\nA buffer overflow bug in the Canna server up to and including version 3.5b2\nallows a local user to gain the privileges of the user 'bin' which can\nlead to further exploits. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2002-1158 to this issue.\n\nIn addition, it was discovered that request validation was lacking in Canna\nserver versions 3.6 and earlier. A malicious remote user could exploit this\nvulnerability to leak information or cause a denial of service attack. \n(CAN-2002-1159)\n\nRed Hat Linux Advanced Server ships with a Canna package vulnerable\nto these issues; however, the package is normally only installed when\nJapanese language support is selected during installation.\n\nAll users of Canna are advised to upgrade to these errata packages which\ncontain a backported security fix and are not vulnerable to this issue.\n\nRed Hat would like to thank hsj and AIDA Shinra for the responsible\ndisclosure of these issues.", "cvss3": {}, "published": "2003-02-06T00:00:00", "type": "redhat", "title": "(RHSA-2002:261) Canna security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2002-1158", "CVE-2002-1159"], "modified": "2018-03-14T15:26:34", "id": "RHSA-2002:261", "href": "https://access.redhat.com/errata/RHSA-2002:261", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T13:20:10", "description": "The Canna server, used for Japanese character input, has two security vulnerabilities including an exploitable buffer overflow that allows a local user to gain 'bin' user privileges. Updated packages for Red Hat Linux Advanced Server are available.\n\n[Updated 13 Jan 2003] Added fixed packages for the Itanium (IA64) architecture.\n\n[Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1\n\nCanna is a kana-kanji conversion server which is necessary for Japanese language character input.\n\nA buffer overflow bug in the Canna server up to and including version 3.5b2 allows a local user to gain the privileges of the user 'bin' which can lead to further exploits. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-1158 to this issue.\n\nIn addition, it was discovered that request validation was lacking in Canna server versions 3.6 and earlier. A malicious remote user could exploit this vulnerability to leak information or cause a denial of service attack. (CVE-2002-1159)\n\nRed Hat Linux Advanced Server ships with a Canna package vulnerable to these issues; however, the package is normally only installed when Japanese language support is selected during installation.\n\nAll users of Canna are advised to upgrade to these errata packages which contain a backported security fix and are not vulnerable to this issue.\n\nRed Hat would like to thank hsj and AIDA Shinra for the responsible disclosure of these issues.", "cvss3": {"score": null, "vector": null}, "published": "2004-07-06T00:00:00", "type": "nessus", "title": "RHEL 2.1 : Canna (RHSA-2002:261)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2002-1158", "CVE-2002-1159"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:Canna", "p-cpe:/a:redhat:enterprise_linux:Canna-devel", "p-cpe:/a:redhat:enterprise_linux:Canna-libs", "cpe:/o:redhat:enterprise_linux:2.1"], "id": "REDHAT-RHSA-2002-261.NASL", "href": "https://www.tenable.com/plugins/nessus/12336", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2002:261. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(12336);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2002-1158\", \"CVE-2002-1159\");\n script_xref(name:\"RHSA\", value:\"2002:261\");\n\n script_name(english:\"RHEL 2.1 : Canna (RHSA-2002:261)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Canna server, used for Japanese character input, has two security\nvulnerabilities including an exploitable buffer overflow that allows a\nlocal user to gain 'bin' user privileges. Updated packages for Red Hat\nLinux Advanced Server are available.\n\n[Updated 13 Jan 2003] Added fixed packages for the Itanium (IA64)\narchitecture.\n\n[Updated 06 Feb 2003] Added fixed packages for Advanced Workstation\n2.1\n\nCanna is a kana-kanji conversion server which is necessary for\nJapanese language character input.\n\nA buffer overflow bug in the Canna server up to and including version\n3.5b2 allows a local user to gain the privileges of the user 'bin'\nwhich can lead to further exploits. The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CVE-2002-1158\nto this issue.\n\nIn addition, it was discovered that request validation was lacking in\nCanna server versions 3.6 and earlier. A malicious remote user could\nexploit this vulnerability to leak information or cause a denial of\nservice attack. (CVE-2002-1159)\n\nRed Hat Linux Advanced Server ships with a Canna package vulnerable to\nthese issues; however, the package is normally only installed when\nJapanese language support is selected during installation.\n\nAll users of Canna are advised to upgrade to these errata packages\nwhich contain a backported security fix and are not vulnerable to this\nissue.\n\nRed Hat would like to thank hsj and AIDA Shinra for the responsible\ndisclosure of these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2002-1158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2002-1159\"\n );\n # http://canna.sourceforge.jp/sec/Canna-2002-01.txt\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://canna.osdn.jp/sec/Canna-2002-01.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2002:261\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Canna, Canna-devel and / or Canna-libs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:Canna\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:Canna-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:Canna-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2002/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2002:261\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"Canna-3.5b2-50.as21.1\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"Canna-devel-3.5b2-50.as21.1\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"Canna-libs-3.5b2-50.as21.1\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Canna / Canna-devel / Canna-libs\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:18:46", "description": "Several vulnerabilities have been discovered in canna, a Japanese input system. The Common Vulnerabilities and Exposures (CVE) project identified the following vulnerabilities :\n\n - CAN-2002-1158 (BugTraq Id 6351): 'hsj' of Shadow Penguin Security discovered a heap overflow vulnerability in the irw_through function in canna server.\n - CAN-2002-1159 (BugTraq Id 6354): Shinra Aida of the Canna project discovered that canna does not properly validate requests, which allows remote attackers to cause a denial of service or information leak.", "cvss3": {"score": null, "vector": null}, "published": "2004-09-29T00:00:00", "type": "nessus", "title": "Debian DSA-224-1 : canna - buffer overflow and more", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2002-1158", "CVE-2002-1159"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:canna", "cpe:/o:debian:debian_linux:2.2", "cpe:/o:debian:debian_linux:3.0"], "id": "DEBIAN_DSA-224.NASL", "href": "https://www.tenable.com/plugins/nessus/15061", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-224. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15061);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2002-1158\", \"CVE-2002-1159\");\n script_bugtraq_id(6351, 6354);\n script_xref(name:\"DSA\", value:\"224\");\n\n script_name(english:\"Debian DSA-224-1 : canna - buffer overflow and more\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in canna, a Japanese\ninput system. The Common Vulnerabilities and Exposures (CVE) project\nidentified the following vulnerabilities :\n\n - CAN-2002-1158 (BugTraq Id 6351): 'hsj' of Shadow Penguin\n Security discovered a heap overflow vulnerability in the\n irw_through function in canna server.\n - CAN-2002-1159 (BugTraq Id 6354): Shinra Aida of the\n Canna project discovered that canna does not properly\n validate requests, which allows remote attackers to\n cause a denial of service or information leak.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2003/dsa-224\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the canna packages.\n\nFor the current stable distribution (woody) these problems have been\nfixed in version 3.5b2-46.2.\n\n\nFor the old stable distribution (potato) these problems have been\nfixed in version 3.5b2-25.2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:canna\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:2.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"2.2\", prefix:\"canna\", reference:\"3.5b2-25.2\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"canna-utils\", reference:\"3.5b2-25.2\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"libcanna1g\", reference:\"3.5b2-25.2\")) flag++;\nif (deb_check(release:\"2.2\", prefix:\"libcanna1g-dev\", reference:\"3.5b2-25.2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"canna\", reference:\"3.5b2-46.2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"canna-utils\", reference:\"3.5b2-46.2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libcanna1g\", reference:\"3.5b2-46.2\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libcanna1g-dev\", reference:\"3.5b2-46.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-24T12:50:06", "description": "The remote host is missing an update to canna\nannounced via advisory DSA 224-1.", "cvss3": {}, "published": "2008-01-17T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 224-1 (canna)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2002-1159", "CVE-2002-1158"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:53720", "href": "http://plugins.openvas.org/nasl.php?oid=53720", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_224_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 224-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in canna, a Japanese\ninput system. The Common Vulnerabilities and Exposures (CVE) project\nidentified the following vulnerabilities:\n\n* CVE-2002-1158 (BugTraq Id 6351): hsj of Shadow Penguin Security\ndiscovered a heap overflow vulnerability in the irw_through\nfunction in canna server.\n\n* CVE-2002-1159 (BugTraq Id 6354): Shinra Aida of the Canna project\ndiscovered that canna does not properly validate requests, which\nallows remote attackers to cause a denial of service or information\nleak.\n\nFor the current stable distribution (woody) these problems have been\nfixed in version 3.5b2-46.2.\n\nFor the old stable distribution (potato) these problems have been\nfixed in version 3.5b2-25.2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 3.6p1-1.\n\nWe recommend that you upgrade your canna packages.\";\ntag_summary = \"The remote host is missing an update to canna\nannounced via advisory DSA 224-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20224-1\";\n\nif(description)\n{\n script_id(53720);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:28:10 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2002-1158\", \"CVE-2002-1159\");\n script_bugtraq_id(6351,6354);\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 224-1 (canna)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"canna\", ver:\"3.5b2-25.2\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"canna-utils\", ver:\"3.5b2-25.2\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcanna1g\", ver:\"3.5b2-25.2\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcanna1g-dev\", ver:\"3.5b2-25.2\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"canna\", ver:\"3.5b2-46.2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"canna-utils\", ver:\"3.5b2-46.2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcanna1g\", ver:\"3.5b2-46.2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcanna1g-dev\", ver:\"3.5b2-46.2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}

CVE-2002-1159

Description

Affected Package

Related