Bug 20809 - ncurses allows local privilege escalation
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: ncurses
7.0
All Linux
high Severity medium
Assigned To: Bernhard Rosenkraenzer
Aaron Brown
: Security
Reported: 2000-11-13 21:17 EST by Daniel Roesen
Modified: 2007-03-26 23:37 EDT
Doc Type: Bug Fix
Last Closed: 2000-11-21 09:53:29 EST
Description Daniel Roesen 2000-11-13 21:17:31 EST
Please see the corresponding BugTraq posting of the FreeBSD team or when it
appears:

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:68.ncurses.asc

Are we also vulnerable to this one?
Comment 1 Jarno Huuskonen 2000-11-14 06:05:52 EST
When Jouko Pynnönen first reported the ncurses vulnerability, I had a look
at the ncurses that comes with RH6.2, and AFAIK it is vulnerable to the
buffer overflow.
(But there are no suid/sgid-ncurses programs in RH6.2????) ... I think the
rawhide ncurses-rpms already have a patch for this.

I still hope that you'll release a fixed ncurses for RH6.2

-Jarno 
Comment 2 Bernhard Rosenkraenzer 2000-11-14 11:21:52 EST
We're affected and we'll release a fix.

Actually, the package has been built and QAed and is currently waiting for someone with access to our gpg key to sign it.

If you don't want to wait for them, get the SRPM package from rawhide and recompile.
Comment 3 Daniel Roesen 2000-11-21 09:53:25 EST
Sorry, but one whole week (up to now) to get someone to sign a package and push it
to the FTP server? For a security-relevant update?
Comment 4 Bernhard Rosenkraenzer 2000-11-23 11:25:13 EST
Released
