Bugtraq mailing list archives
Re: freebsd libncurses overflow
From: kris () FREEBSD ORG (Kris Kennaway)
Date: Mon, 24 Apr 2000 12:32:10 -0700
On Mon, 24 Apr 2000, Kris Kennaway wrote:
On Mon, 24 Apr 2000, Przemyslaw Frasunek wrote:- 3.4-STABLE -- vulnerable - 4.0-STABLE -- not tested (probably *not* vulnerable)-- *not* vulnerable- 5.0-CURRENT -- *not* vulnerableUnfortunately, Mr Frasunek didn't see fit to notifying us before releasing his advisory - it will probably be a day or two before this gets fixed. Sorry all.
Furthermore, it is not actually a vulnerability. It seems that setuid programs will not accept an alternate termcap file via TERMCAP even under the old version of ncurses in FreeBSD 3.x. Therefore this "exploit" can only be used on your own binaries. (If we'd have been told beforehand I could have saved Mr Frasunek the embarrassment ;-) Kris ---- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe <forsythe () alum mit edu>
Current thread:
- IE 5 security vulnerablity - circumventing Cross-frame security policy using Java/JavaScript (and disabling Active Scripting is not that easy) Georgi Guninski (Apr 18)
- RFP2K03: Contemplations on dvwssr.dll and its affects on life rain forest puppy (Apr 20)
- Microsoft Security Bulletin (MS00-026) Microsoft Product Security (Apr 20)
- Re: IE 5 security vulnerablity - circumventing Cross-frame security policy using Java/JavaScript (and disabling Active Scripting is not that easy) TAKAGI, Hiromitsu (Apr 20)
- freebsd libncurses overflow Przemyslaw Frasunek (Apr 24)
- Re: freebsd libncurses overflow Kris Kennaway (Apr 24)
- Re: freebsd libncurses overflow Kris Kennaway (Apr 24)
- Re: freebsd libncurses overflow Przemyslaw Frasunek (Apr 25)
- freebsd libncurses overflow Przemyslaw Frasunek (Apr 24)
- Re: freebsd libncurses overflow Bill Fumerola (Apr 24)
- Re: freebsd libncurses overflow Theo de Raadt (Apr 26)
- Denial of Service Against pcAnywhere. Vacuum (Apr 25)
- Re: ZoneAlarm Gary Buckmaster (Apr 22)
- CVS DoS Michal Szymanski (Apr 23)
- Re: CVS DoS Kris Kennaway (Apr 24)