Bugtraq mailing list archives
Re: freebsd libncurses overflow
From: billf () CHC-CHIMES COM (Bill Fumerola)
Date: Mon, 24 Apr 2000 15:13:15 -0400
On Mon, Apr 24, 2000 at 02:33:13PM +0200, Przemyslaw Frasunek wrote:
* Vulnerable Versions - 3.4-STABLE -- vulnerable - 4.0-STABLE -- not tested (probably *not* vulnerable) - 5.0-CURRENT -- *not* vulnerable
Isn't this an ncurses problem and not a FreeBSD problem? If later versions of FreeBSD aren't vulnerable, its probably only because they have a more recent version of ncurses. Wouldn't it be more proper to mention the version of _ncurses_ with this problem? The code is simply imported from: revision 1.1.1.1 date: 1999/08/24 01:06:35; author: peter; state: Exp; lines: +0 -0 Import unmodified (but trimmed) ncurses 5.0 prerelease 990821. This contains the full eti (panel, form, menu) extensions. bmake glue to follow. Obtained from: ftp://ftp.clark.net/pub/dickey/ncurses -- Bill Fumerola - Network Architect Computer Horizons Corp - CVM e-mail: billf () chc-chimes com / billf () FreeBSD org Office: 800-252-2421 x128 / Cell: 248-761-7272 PS. Not speaking on behalf of FreeBSD.
Current thread:
- IE 5 security vulnerablity - circumventing Cross-frame security policy using Java/JavaScript (and disabling Active Scripting is not that easy) Georgi Guninski (Apr 18)
- RFP2K03: Contemplations on dvwssr.dll and its affects on life rain forest puppy (Apr 20)
- Microsoft Security Bulletin (MS00-026) Microsoft Product Security (Apr 20)
- Re: IE 5 security vulnerablity - circumventing Cross-frame security policy using Java/JavaScript (and disabling Active Scripting is not that easy) TAKAGI, Hiromitsu (Apr 20)
- freebsd libncurses overflow Przemyslaw Frasunek (Apr 24)
- Re: freebsd libncurses overflow Kris Kennaway (Apr 24)
- Re: freebsd libncurses overflow Kris Kennaway (Apr 24)
- Re: freebsd libncurses overflow Przemyslaw Frasunek (Apr 25)
- freebsd libncurses overflow Przemyslaw Frasunek (Apr 24)
- Re: freebsd libncurses overflow Bill Fumerola (Apr 24)
- Re: freebsd libncurses overflow Theo de Raadt (Apr 26)
- Denial of Service Against pcAnywhere. Vacuum (Apr 25)
- Re: ZoneAlarm Gary Buckmaster (Apr 22)
- CVS DoS Michal Szymanski (Apr 23)
- Re: CVS DoS Kris Kennaway (Apr 24)
- Re: CVS DoS Kris Kennaway (Apr 24)
- finding Meeting Maker passwords using tcpdump mhpower () MIT EDU (Apr 24)