CVE
- Id
- 929
- CVE No.
- CVE-1999-0949
- Status
- Candidate
- Description
- Buffer overflow in canuum program for Canna input system allows local users to gain root privileges.
- Phase
- Proposed (19991222)
- Votes
- ACCEPT(2) Levy, Stracener | MODIFY(1) Frech | NOOP(2) Baker, Christey
- Comments
- Christey> CVE-1999-0948 and CVE-1999-0949 are extremely similar. | uum (0948) is exploitable through a different set of options | than canuum (0949). If it"s the same generic option parsing | routine used by both programs, then CD:SF-CODEBASE says to | merge them. But if it"s not, then CD:SF-LOC and CD:SF-EXEC | says to split them. However, this is a prime example of | how SF-EXEC might be modified - uum and canuum are clearly | part of the same package, so in the absence of clear | information, maybe we should merge them. | | Also review BID:758 and BID:757 - may need to change the BID | here. | Frech> XF:canna-uum-bo | Christey> CHANGEREF BID:757 BID:758 | Christey> The following page says that canuum is a "Japanese input tty | frontend for Canna using uum," which suggests that it is, at | the least, a different package, so perhaps this should stay SPLIT. | | http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/pkgsrc/inputmethod/canuum/README.html
