Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: freebsd libncurses overflow

From: kris () FREEBSD ORG (Kris Kennaway)
Date: Mon, 24 Apr 2000 12:32:10 -0700

On Mon, 24 Apr 2000, Kris Kennaway wrote:


On Mon, 24 Apr 2000, Przemyslaw Frasunek wrote:


    - 3.4-STABLE  -- vulnerable
    - 4.0-STABLE  -- not tested (probably *not* vulnerable)


                      -- *not* vulnerable


    - 5.0-CURRENT -- *not* vulnerable


Unfortunately, Mr Frasunek didn't see fit to notifying us before releasing
his advisory - it will probably be a day or two before this gets
fixed. Sorry all.


Furthermore, it is not actually a vulnerability. It seems that setuid
programs will not accept an alternate termcap file via TERMCAP even under
the old version of ncurses in FreeBSD 3.x. Therefore this "exploit" can
only be used on your own binaries.

(If we'd have been told beforehand I could have saved Mr Frasunek the
embarrassment ;-)

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe () alum mit edu>
Previous By Date Next
Previous By Thread Next

Current thread: