CVE-2008-1994

Description

Multiple stack-based buffer overflows in (a) acon.c, (b) menu.c, and (c) child.c in Acon 1.0.5-5 through 1.0.5-7 allow local users to execute arbitrary code via (1) a long HOME environment variable or (2) a large number of terminal columns.

Affected products

• ahmed_abdel-hamid_mohamed / acon1.0.5-5 – 1.0.5-5
• ahmed_abdel-hamid_mohamed / acon1.0.5-6 – 1.0.5-6
• ahmed_abdel-hamid_mohamed / acon1.0.5-7 – 1.0.5-7

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/41915
• VENDOR_ADVISORYhttp://secunia.com/advisories/29909
• VENDOR_ADVISORYhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476603
• VENDOR_ADVISORYhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475733
• MISChttp://www.securityfocus.com/bid/28862