New ncurses packages fixing buffer overrun available
| Advisory: | RHSA-2000:115-02 |
|---|---|
| Type: | Security Advisory |
| Severity: | N/A |
| Issued on: | 2000-11-27 |
| Last updated on: | 2000-11-27 |
| Affected Products: | Red Hat Linux 6.2, Red Hat Linux 7.0, Red Hat Linux Enterprise Edition |
| CVEs (cve.mitre.org): | CVE-2000-0963 |
Details
If you run any setuid applications that use ncurses and its cursor movement
functionality, local users may gain access to the program's privileges.
2000-11-27: Added packages for Red Hat Linux 7 for Alpha
There used to be an overflowable buffer in the part of the ncurses library handling cursor movement.
Attackers can force a privileged application to use their own termcap file containing a special terminal entry which will trigger the ncurses
vulnerability, allowing them to execute arbitrary code with the privileges of the exploited binary.
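To see which setuid programs on a host match the description above, the following audit script lists setuid files whose ELF dynamic section names libncurses as a needed library. It is an added example, not part of the Red Hat advisory; the function names are hypothetical and it assumes binutils `readelf` is installed.

```shell
#!/bin/sh
# Added example (not from the advisory): list setuid programs that are
# dynamically linked against ncurses. Function names are hypothetical.

# Read `readelf -d` output on stdin; succeed if a NEEDED entry names
# libncurses (for example libncurses.so.4 or libncurses.so.5).
needs_ncurses() {
    grep -Eq '\(NEEDED\).*\[libncurses[^]]*\]'
}

# Print each setuid regular file under $1 (default /) that needs ncurses.
# readelf only parses the file, whereas ldd may run the program's loader,
# which is unsafe on untrusted binaries.
# Limits: statically linked programs have no NEEDED entry and are missed;
# file names containing newlines are not handled.
audit_setuid_ncurses() {
    root=${1:-/}
    command -v readelf >/dev/null 2>&1 || {
        echo "readelf (binutils) not found" >&2
        return 2
    }
    find "$root" -xdev -type f -perm -4000 2>/dev/null |
    while IFS= read -r f; do
        if readelf -d "$f" 2>/dev/null | needs_ncurses; then
            printf '%s\n' "$f"
        fi
    done
}

# Run as a script: sh audit.sh /usr
if [ "$#" -gt 0 ]; then
    audit_setuid_ncurses "$1"
fi
```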
Solution
For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
Updated packages
| Red Hat Linux 6.2 | |
|---|---|
| SRPMS: | |
| ftp://updates.redhat.com/rhn/repository/NULL/ncurses/5.0-12/SRPMS/ncurses-5.0-12.src.rpm | MD5: 268df5613b61b146b8cae1c59369c0b7 |
| Alpha: | |
| ftp://updates.redhat.com/rhn/repository/NULL/ncurses/5.0-12/alpha/ncurses-5.0-12.alpha.rpm | MD5: 1decbd07374fd9fb7ae5a12641d2667b |
| ftp://updates.redhat.com/rhn/repository/NULL/ncurses-devel/5.0-12/alpha/ncurses-devel-5.0-12.alpha.rpm | MD5: ed52d2bad06cee2cec081bb889a5e363 |
| IA-32: | |
| ftp://updates.redhat.com/rhn/repository/NULL/ncurses/5.0-12/i386/ncurses-5.0-12.i386.rpm | MD5: d401a0317132c114a75dfeefb881f66c |
| ftp://updates.redhat.com/rhn/repository/NULL/ncurses-devel/5.0-12/i386/ncurses-devel-5.0-12.i386.rpm | MD5: bc84ee23b1b8f960a0911a5388c52d24 |
| Sparc: | |
| ftp://updates.redhat.com/rhn/repository/NULL/ncurses/5.0-12/sparc/ncurses-5.0-12.sparc.rpm | MD5: 654eca10b3b44afef783c39da3b254dc |
| ftp://updates.redhat.com/rhn/repository/NULL/ncurses-devel/5.0-12/sparc/ncurses-devel-5.0-12.sparc.rpm | MD5: e273dd6e88899781bcc7441e7505de5c |
| Red Hat Linux 7.0 | |
| SRPMS: | |
| ftp://updates.redhat.com/rhn/repository/NULL/ncurses/5.2-2/SRPMS/ncurses-5.2-2.src.rpm | MD5: 4444a46c15c28db246b191daf4f3dfde |
| Alpha: | |
| ftp://updates.redhat.com/rhn/repository/NULL/ncurses/5.2-2/alpha/ncurses-5.2-2.alpha.rpm | MD5: 64d008bc67646bc54c3b94b84a0c63fe |
| ftp://updates.redhat.com/rhn/repository/NULL/ncurses-devel/5.2-2/alpha/ncurses-devel-5.2-2.alpha.rpm | MD5: b2b05f687584244fd0a33583d7684b25 |
| IA-32: | |
| ftp://updates.redhat.com/rhn/repository/NULL/ncurses/5.2-2/i386/ncurses-5.2-2.i386.rpm | MD5: 9affe6c75ae33d616ea695766c10e44e |
| ftp://updates.redhat.com/rhn/repository/NULL/ncurses-devel/5.2-2/i386/ncurses-devel-5.2-2.i386.rpm | MD5: a555ec460de5650c4a2c42abc5de838c |
Bugs fixed (see bugzilla for more information)
20809 - ncurses allows local privilege escalation
Keywords
setuid
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/