Bug 20809 - ncurses allows local privilege escalation
Summary: ncurses allows local privilege escalation
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: ncurses (Show other bugs)
(Show other bugs)
Version: 7.0
Hardware: All Linux
high
medium
Target Milestone: ---
Assignee: Bernhard Rosenkraenzer
QA Contact: Aaron Brown
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-11-14 02:17 UTC by Daniel Roesen
Modified: 2007-03-27 03:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-11-21 14:53:29 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Daniel Roesen 2000-11-14 02:17:31 UTC
Please see the corresponding BugTraq posting of the FreeBSD team or when it
appears:

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:68.ncurses.asc

Are we also vulnerable to this one?

Comment 1 Jarno Huuskonen 2000-11-14 11:05:52 UTC
When Jouko Pynnvnen first reported the ncurses-vulnerability. I had a look
in the ncurses that comes with RH6.2 and AFAIK it is vulnerable to the 
buffer overflow.
(But there are no suid/sgid-ncurses programs in RH6.2????) ... I think the
rawhide ncurses-rpms already have a patch for this.

I still hope that you'll release a fixed ncurses for RH6.2

-Jarno 


Comment 2 Bernhard Rosenkraenzer 2000-11-14 16:21:52 UTC
We're affected and we'll release a fix.

Actually, the package has been built and QAed and is currently waiting for someone with access to our gpg key to sign it.

If you don't want to wait for them, get the SRPM package from rawhide and recompile.

Comment 3 Daniel Roesen 2000-11-21 14:53:25 UTC
Sorry, but one whole week (up to now) to get someone sign a package and push it 
to the FTP server? For a security-relevant update?

Comment 4 Bernhard Rosenkraenzer 2000-11-23 16:25:13 UTC
Released


Note You need to log in before you can comment on or make changes to this bug.