FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

zhcon -- unauthorized file access

Affected packages
zh-zhcon < 0.2.3_3
zhcon < 0.2.3_3


VuXML ID d371b627-6ed5-11d9-bd18-000a95bc6fae
Discovery 2005-01-25
Entry 2005-01-25

Martin Joey Schulze reports:

Erik Sjöund discovered that zhcon, a fast console CJK system using the Linux framebuffer, accesses a user-controlled configuration file with elevated privileges. Thus, it is possible to read arbitrary files.

When installed from the FreeBSD Ports Collection, zhcon is installed set-user-ID root.


CVE Name CVE-2005-0072