[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] ncurses vulnerabilities

To: linux-security
Subject: [linux-security] ncurses vulnerabilities
Date: Fri, 24 Nov 2000 10:17:22 -0800 (PST)

Overview
========
Setuid programs that use ncurses may be used to gain local root access. 

Problem Description
===================
There used to be an overflowable buffer in the part of the ncurses library
handling cursor movement.
Attackers can force a privileged application to use their own termcap file
containing a special terminal entry which will trigger the ncurses
vulnerability, allowing them to execute arbitrary code with the privileges
of the exploited binary.

Affected Systems
================
(probably) all Linux distributions

Solution
========
RedHat 6.x
rpm -Fvh ncurses-5.0-12.i386.rpm ncurses-devel-5.0-12.i386.rpm

RedHat 7.0
rpm -Fvh ncurses-5.2-2.i386.rpm ncurses-devel-5.2-2.i386.rpm

Debian 2.2 (potato)
upgrade to the following packages: libncurses5-dbg_5.0-6.0potato1_i386.deb
                                   libncurses5-dev_5.0-6.0potato1_i386.deb
                                   libncurses5_5.0-6.0potato1_i386.deb
                                   ncurses-bin_5.0-6.0potato1_i386.deb

Debian Unstable (woody)
upgrade to ncurses 5.0-8 (sorry, I don't know the exact package names)

Caldera
rpm -Fvh ncurses-4.2-6.i386.rpm \
         ncurses-devel-4.2-6.i386.rpm \
         ncurses-devel-static-4.2-6.i386.rpm \
         ncurses-termcap-devel-4.2-6.i386.rpm \
         ncurses-termcap-devel-static-4.2-6.i386.rpm

Prev by Date: [linux-security] netscape buffer overflows
Next by Date: [linux-security] joe symlink bugs
Prev by thread: [linux-security] joe symlink bugs
Next by thread: [linux-security] netscape buffer overflows
Index(es):
- Date
- Thread