![[LWN Logo]](/images/lcorner.png) |
|
![[Timeline]](/images/Included.png) |
Date: Thu, 12 Oct 2000 12:12:11 -0600
From: Caldera Support Info <sup-info@locutus4.calderasystems.com>
To: announce@lists.calderasystems.com, bugtraq@securityfocus.com,
Subject: Security Upeate: buffer overflows in ncurses
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
Caldera Systems, Inc. Security Advisory
Subject: buffer overflows in ncurses
Advisory number: CSSA-2000-036.0
Issue date: 2000 October, 11
Cross reference:
______________________________________________________________________________
1. Problem Description
There is a buffer overflow in ncurses which allows local users
to exploit setuid / setgid applications that link against ncurses
to gain access to their permissions.
Following applications shipped with OpenLinux might be affected
by this problem:
* lpq (not exploitable)
* minicom (potentially exploitable, but is only setgid uucp)
* mutt_dotlock (not exploitable)
2. Vulnerable Versions
System Package
-----------------------------------------------------------
OpenLinux Desktop 2.3 All packages previous to
ncurses-4.2-6
OpenLinux eServer 2.3 All packages previous to
and OpenLinux eBuilder ncurses-4.2-6
OpenLinux eDesktop 2.4 All packages previous to
ncurses-4.2-6
3. Solution
Workaround:
None known.
The proper solution is to upgrade to the fixed packages.
4. OpenLinux Desktop 2.3
4.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS
4.2 Verification
f31b8e7d2d35ca8f8003cd580eb4a643 RPMS/ncurses-4.2-6.i386.rpm
16abd61e99c33cb61ae68a8796e81d7f RPMS/ncurses-devel-4.2-6.i386.rpm
02f355cb7e3beb3b9cd132461ab0a857 RPMS/ncurses-devel-static-4.2-6.i386.rpm
64bf29f03acc305756b9abdcfbb76a7f RPMS/ncurses-termcap-devel-4.2-6.i386.rpm
b569d3980e687e6f516510d865158cee RPMS/ncurses-termcap-devel-static-4.2-6.i386.rpm
72d2512519731ed4e4e66cb3099d8b17 SRPMS/ncurses-4.2-6.src.rpm
4.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fhv ncurses-*.i386.rpm
5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0
5.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
5.2 Verification
1a7b87dd8146b9529aad5dd6303e248a RPMS/ncurses-4.2-6.i386.rpm
b35e9397d8bd9584aae7482775f64dd2 RPMS/ncurses-devel-4.2-6.i386.rpm
2af93cedddae6f32a2d49ac5182d7f67 RPMS/ncurses-devel-static-4.2-6.i386.rpm
dc654d552c15d9d438270b5019584988 RPMS/ncurses-termcap-devel-4.2-6.i386.rpm
4da3269d769520ff3f64f026a293f028 RPMS/ncurses-termcap-devel-static-4.2-6.i386.rpm
72d2512519731ed4e4e66cb3099d8b17 SRPMS/ncurses-4.2-6.src.rpm
5.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fhv ncurses-*.i386.rpm
6. OpenLinux eDesktop 2.4
6.1 Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
6.2 Verification
afd119c5acda89001cea005faacb32f1 RPMS/ncurses-4.2-6.i386.rpm
7eaa20203c718449f43a9e12cc0ce8f7 RPMS/ncurses-devel-4.2-6.i386.rpm
551843505cd6c87948bb695cc034f73c RPMS/ncurses-devel-static-4.2-6.i386.rpm
b40dd2ad2a081c20eb4f8c414c467baa RPMS/ncurses-termcap-devel-4.2-6.i386.rpm
869064fed6dcf2fee13ee518f2dcb236 RPMS/ncurses-termcap-devel-static-4.2-6.i386.rpm
72d2512519731ed4e4e66cb3099d8b17 SRPMS/ncurses-4.2-6.src.rpm
6.3 Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -Fhv ncurses-*.i386.rpm
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/support/security/index.html
This security fix closes Caldera's internal Problem Report 7948.
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.
9. Acknowledgements
Caldera Systems wishes to thank Jouko Pynnönen <jouko@solutions.fi>
and Thomas Dickey <dickey@herndon4.his.com> for finding and reporting
this problem and suggesting fixes.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE55H7V18sy83A/qfwRAu+gAKCdru0KgqzKWzJ1w7P++BxvJXtIKQCffplj
YFZYGdZxVXacyrn2893IgsQ=
=m7yS
-----END PGP SIGNATURE-----