From owner-freebsd-security Mon Apr 24 12:32:16 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2824437BB99; Mon, 24 Apr 2000 12:32:11 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id MAA84002;
	Mon, 24 Apr 2000 12:32:10 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Mon, 24 Apr 2000 12:32:10 -0700 (PDT)
From: Kris Kennaway
To: Przemyslaw Frasunek
Cc: BUGTRAQ@SECURITYFOCUS.COM, freebsd-security@freebsd.org, security-officer@freebsd.org
Subject: Re: freebsd libncurses overflow
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 24 Apr 2000, Kris Kennaway wrote:

> On Mon, 24 Apr 2000, Przemyslaw Frasunek wrote:
>
> > - 3.4-STABLE -- vulnerable
> > - 4.0-STABLE -- not tested (probably *not* vulnerable)
>
> -- *not* vulnerable
>
> > - 5.0-CURRENT -- *not* vulnerable
>
> Unfortunately, Mr Frasunek didn't see fit to notify us before releasing
> his advisory - it will probably be a day or two before this gets
> fixed. Sorry all.

Furthermore, it is not actually a vulnerability. It seems that setuid
programs will not accept an alternate termcap file via TERMCAP even under
the old version of ncurses in FreeBSD 3.x. Therefore this "exploit" can
only be used on your own binaries.

(If we'd have been told beforehand I could have saved Mr Frasunek the
embarrassment ;-)

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe