Title: buffer overflows in ncurses
Released by: Caldera
Date: 11th October 2000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
Caldera Systems, Inc. Security Advisory
Subject: buffer overflows in ncurses
Advisory number: CSSA-2000-036.0
Issue date: 2000 October, 11
Cross reference:
______________________________________________________________________________
1. Problem Description
There is a buffer overflow in ncurses which allows local users
to exploit setuid / setgid applications that link against ncurses
to gain access to their permissions.
The following applications shipped with OpenLinux might be affected
by this problem:
* lpq (not exploitable)
* minicom (potentially exploitable, but is only setgid uucp)
* mutt_dotlock (not exploitable)
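The three programs above are on the list because they carry a setuid or setgid bit and dynamically link libncurses. As an added example that is not part of the Caldera advisory, the following POSIX shell audit lists the binaries on a host that share that property, so an administrator can compare a system against the advisory's list; it assumes find and readelf are available and that the library's soname contains "libncurses".

```shell
#!/bin/sh
# Added example, not Caldera's code: enumerate setuid/setgid binaries under a
# directory tree and report those that dynamically link libncurses, i.e. the
# programs through which a local user could reach the library overflow.
# Assumes POSIX sh, find(1) and readelf(1) from binutils.

# Print every regular file under $1 with the setuid or setgid bit set.
# -xdev keeps the scan on one filesystem (avoid walking /proc, NFS, etc.).
find_privileged() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Return 0 if the ELF file $1 has a NEEDED entry for libncurses (covers
# libncurses.so.N and libncursesw.so.N), 1 otherwise. readelf only parses
# the file, so, unlike ldd, it never executes the binary being inspected.
# Caveat: a binary built against the *-static packages embeds the library
# and has no NEEDED entry, so it is not reported by this check.
links_ncurses() {
    readelf -d "$1" 2>/dev/null | grep -q 'NEEDED.*libncurses'
}

# Audit $1 (default /) and print the ls -l line of every privileged binary
# that links libncurses; an empty result means nothing matched.
audit_ncurses_setuid() {
    root="${1:-/}"
    find_privileged "$root" | while IFS= read -r f; do
        if links_ncurses "$f"; then
            ls -ld "$f"
        fi
    done
}
```

Run it as root (`sh audit.sh /`) so that every directory is readable; compare each reported path with the advisory's list before deciding whether the fixed ncurses package alone is sufficient.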
2. Vulnerable Versions
System                                        Package
-----------------------------------------------------------------------
OpenLinux Desktop 2.3                         All packages previous to
                                              ncurses-4.2-6
OpenLinux eServer 2.3                         All packages previous to
and OpenLinux eBuilder                        ncurses-4.2-6
OpenLinux eDesktop 2.4                        All packages previous to
                                              ncurses-4.2-6
3. Solution
Workaround:
None known.
The proper solution is to upgrade to the fixed packages.
4. OpenLinux Desktop 2.3
4.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
http://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
The corresponding source code package can be found at:
http://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS
4.2 Verification
4.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fhv ncurses-*.i386.rpm
5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
http://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
The corresponding source code package can be found at:
http://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
5.2 Verification
5.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fhv ncurses-*.i386.rpm
6. OpenLinux eDesktop 2.4
6.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
http://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
The corresponding source code package can be found at:
http://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
6.2 Verification
6.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fhv ncurses-*.i386.rpm
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/support/security/index.html
This security fix closes Caldera's internal Problem Report 7948.
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.
9. Acknowledgements
Caldera Systems wishes to thank Jouko Pynnönen and Thomas Dickey for
finding and reporting this problem and suggesting fixes.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE55H7V18sy83A/qfwRAu+gAKCdru0KgqzKWzJ1w7P++BxvJXtIKQCffplj
YFZYGdZxVXacyrn2893IgsQ=
=m7yS
-----END PGP SIGNATURE-----