Bug 20809 - ncurses allows local privilege escalation
Summary: ncurses allows local privilege escalation
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: ncurses
Version: 7.0
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: Bernhard Rosenkraenzer
QA Contact: Aaron Brown
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-11-14 02:17 UTC by Daniel Roesen
Modified: 2007-03-27 03:37 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2000-11-21 14:53:29 UTC
Embargoed:

Attachments (Terms of Use)

Description Daniel Roesen 2000-11-14 02:17:31 UTC 
Please see the corresponding BugTraq posting of the FreeBSD team or when it
appears:

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:68.ncurses.asc

Are we also vulnerable to this one?
Comment 1 Jarno Huuskonen 2000-11-14 11:05:52 UTC 
When Jouko Pynnvnen first reported the ncurses-vulnerability. I had a look
in the ncurses that comes with RH6.2 and AFAIK it is vulnerable to the 
buffer overflow.
(But there are no suid/sgid-ncurses programs in RH6.2????) ... I think the
rawhide ncurses-rpms already have a patch for this.

I still hope that you'll release a fixed ncurses for RH6.2

-Jarno
Comment 2 Bernhard Rosenkraenzer 2000-11-14 16:21:52 UTC 
We're affected and we'll release a fix.

Actually, the package has been built and QAed and is currently waiting for someone with access to our gpg key to sign it.

If you don't want to wait for them, get the SRPM package from rawhide and recompile.
Comment 3 Daniel Roesen 2000-11-21 14:53:25 UTC 
Sorry, but one whole week (up to now) to get someone sign a package and push it 
to the FTP server? For a security-relevant update?
Comment 4 Bernhard Rosenkraenzer 2000-11-23 16:25:13 UTC 
Released
Note You need to log in before you can comment on or make changes to this bug.