Date: 24 Aug 1999 18:09:07 -0000
From: listmaster@locutus.calderasystems.com
To: announce@lists.calderasystems.com
Subject: Security Advisory 22
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
Caldera Systems, Inc. Security Advisory
Subject: Security issues with telnetd and libcurses
Advisory number: CSSA-1999:022.0
Issue date: 1999 August, 23
Cross reference:
______________________________________________________________________________
1. Problem Description
There is a vulnerability in the telnet server included in Caldera
OpenLinux. When connecting, a telnet client transmits the user's
terminal type to the server. By passing a bogus terminal type, an
attacker can fool the server into opening and reading nearly arbitrary
files, e.g. in the /proc filesystem. On some machines, reading certain
files below /proc can cause the machine to lock up.
The same problem exists in setuid applications linked against libncurses,
such as screen.
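The description above boils down to an untrusted, client-supplied terminal name being used to build a file path. The following C program is an added illustration, not code from telnetd, ncurses or Caldera: it assumes a terminfo-style layout of <dir>/<first char>/<name> (the real lookup details are not given in the advisory), models the unchecked lookup beside a validated one, and all function names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed terminfo-style layout: <TERMINFO_DIR>/<first char>/<name>.
 * This is a constructed model of a lookup that trusts the terminal name,
 * not the actual telnetd or ncurses source. */
#define TERMINFO_DIR "/usr/share/terminfo"
#define TERM_NAME_MAX 64

/* Unchecked lookup: the client-supplied name goes into the path verbatim.
 * Returns 0 and fills 'out' on success, -1 on error. */
int terminfo_path_unchecked(const char *term, char *out, size_t outlen)
{
    if (term == NULL || term[0] == '\0')
        return -1;
    int n = snprintf(out, outlen, "%s/%c/%s", TERMINFO_DIR, term[0], term);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Validation: a terminal name may only contain letters, digits and the
 * characters '-', '+', '_' and '.', must not start with '.' or '-', and
 * must be non-empty and short. Because '/' is never accepted, the name
 * cannot escape the terminfo directory. Returns 1 if the name is safe. */
int term_name_is_safe(const char *term)
{
    if (term == NULL)
        return 0;
    size_t len = strlen(term);
    if (len == 0 || len > TERM_NAME_MAX)
        return 0;
    if (term[0] == '.' || term[0] == '-')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)term[i];
        if (!(isalnum(c) || c == '-' || c == '+' || c == '_' || c == '.'))
            return 0;
    }
    return 1;
}

/* Hardened lookup: validate first; a name that fails validation falls
 * back to the generic "dumb" terminal instead of being used as a path. */
int terminfo_path_checked(const char *term, char *out, size_t outlen)
{
    const char *name = term_name_is_safe(term) ? term : "dumb";
    return terminfo_path_unchecked(name, out, outlen);
}

/* Convenience wrapper (static buffer) so the unchecked and checked
 * behaviour can be compared side by side for the same input. */
const char *lookup_path(const char *term, int hardened)
{
    static char buf[512];
    int rc = hardened ? terminfo_path_checked(term, buf, sizeof buf)
                      : terminfo_path_unchecked(term, buf, sizeof buf);
    return rc == 0 ? buf : "(error)";
}

int main(void)
{
    /* Constructed sample terminal types: two legitimate, one path-like */
    const char *samples[] = { "vt100", "xterm-color", "../../../proc/version" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("TERM=%-24s unchecked: %s\n", samples[i], lookup_path(samples[i], 0));
        printf("%-29s checked:   %s\n", "", lookup_path(samples[i], 1));
    }
    return 0;
}
```

Run as-is, the unchecked variant turns the path-like sample into /usr/share/terminfo/./../../../proc/version, i.e. a file outside the terminfo tree, while the checked variant maps it to the harmless /usr/share/terminfo/d/dumb and leaves the legitimate names untouched. The allow-list approach is preferable to stripping "../" sequences, since any character the lookup never needs is simply never accepted.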
2. Vulnerable Versions
Systems:  Caldera OpenLinux (COL) up to 2.2
Packages: netkit-telnet previous to 0.12-3
          ncurses previous to 4.2-3
3. Solutions
The proper solution is to upgrade to the latest packages:
rpm -U netkit-telnet-0.12-3.i386.rpm
rpm -U ncurses-4.2-3.i386.rpm
rpm -U ncurses-termcap-devel-static-4.2-3.i386.rpm
rpm -U ncurses-termcap-devel-4.2-3.i386.rpm
rpm -U ncurses-devel-4.2-3.i386.rpm
rpm -U ncurses-devel-static-4.2-3.i386.rpm
4. Location of Fixed Packages
The upgrade packages can be found on Caldera's FTP site at:
ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.2/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.2/current/SRPMS
5. Installing Fixed Packages
Upgrade the affected packages with the following commands:
rpm -U netkit-telnet-0.12-3.i386.rpm
rpm -U ncurses-4.2-3.i386.rpm
rpm -U ncurses-termcap-devel-static-4.2-3.i386.rpm
rpm -U ncurses-termcap-devel-4.2-3.i386.rpm
rpm -U ncurses-devel-4.2-3.i386.rpm
rpm -U ncurses-devel-static-4.2-3.i386.rpm
6. Verification
MD5 checksums of the fixed packages:
825d8c5336581492ef7d59d857aa6d06 RPMS/ncurses-4.2-3.i386.rpm
2b91f24d44ead31c9c6da0ac427caf53 RPMS/ncurses-devel-4.2-3.i386.rpm
ffb4eaa3c04a1a2825f14535706ed4e0 RPMS/ncurses-devel-static-4.2-3.i386.rpm
d17e8a8fd9caba38ad317c5171173848 RPMS/ncurses-termcap-devel-4.2-3.i386.rpm
3a43b39d48258635677ce91221393add RPMS/ncurses-termcap-devel-static-4.2-3.i386.rpm
30c87d77a1ad2731931b3090fabd00b6 RPMS/netkit-telnet-0.12-3.i386.rpm
0aaae02a2bd53ed55eb9be736b5e9338 SRPMS/ncurses-4.2-3.src.rpm
6bd78bbefc87f877a17bbc0f04596d6c SRPMS/netkit-telnet-0.12-3.src.rpm
7. References
This and other Caldera security resources are located at:
http://www.calderasystems.com/news/security/index.html
This security fix closes Caldera's internal Problem Report 5086.
8. Disclaimer
Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQCVAwUBN8JnHOn+9R4958LpAQGdUwP+L1PGz0+5AiGzZfT0I8TfQWrQedKWuY11
uWu/eps7h3hMLyLr6EnTG0s/WhIXjT1MfBmHvrj6If4GC1jaylDe9fLzT5Npuy3K
QHfuiczmmJuzZL0/v9K7sEyMRmlBRtsi1dgzbjDmiaX1cM5JnlG6Gd7V1uBafV0v
YprgbK2SLwU=
=r9j4
-----END PGP SIGNATURE-----
--
Note: To learn how to use this list server, email a "help" command to
majordomo@lists.calderasystems.com.