If you are any setuid applications that use ncurses and its cursor movement
functionality, local users may gain access to the program's privileges.
2000-11-27: Added packages for Red Hat Linux 7 for Alpha
There used to be an overflowable buffer in the part of the ncurses library handling cursor movement.
Attackers can force a privileged application to use their own termcap file containing a special terminal entry which will trigger the ncurses
vulnerability, allowing them to execute arbitrary code with the privileges of the exploited binary.
| Red Hat Linux 6.2 |
|
| alpha: |
ftp://updates.redhat.com/6.2/alpha/ncurses-5.0-12.alpha.rpm
Missing file |
1decbd07374fd9fb7ae5a12641d2667b |
ftp://updates.redhat.com/6.2/alpha/ncurses-devel-5.0-12.alpha.rpm
Missing file |
ed52d2bad06cee2cec081bb889a5e363 |
| |
| i386: |
ftp://updates.redhat.com/6.2/i386/ncurses-5.0-12.i386.rpm
Missing file |
d401a0317132c114a75dfeefb881f66c |
ftp://updates.redhat.com/6.2/i386/ncurses-devel-5.0-12.i386.rpm
Missing file |
bc84ee23b1b8f960a0911a5388c52d24 |
| |
| sparc: |
ftp://updates.redhat.com/6.2/sparc/ncurses-5.0-12.sparc.rpm
Missing file |
654eca10b3b44afef783c39da3b254dc |
ftp://updates.redhat.com/6.2/sparc/ncurses-devel-5.0-12.sparc.rpm
Missing file |
e273dd6e88899781bcc7441e7505de5c |
| |
| Red Hat Linux 7.0 |
|
| alpha: |
ftp://updates.redhat.com/7.0/alpha/ncurses-5.2-2.alpha.rpm
Missing file |
64d008bc67646bc54c3b94b84a0c63fe |
ftp://updates.redhat.com/7.0/alpha/ncurses-devel-5.2-2.alpha.rpm
Missing file |
b2b05f687584244fd0a33583d7684b25 |
| |
| i386: |
ftp://updates.redhat.com/7.0/i386/ncurses-5.2-2.i386.rpm
Missing file |
9affe6c75ae33d616ea695766c10e44e |
ftp://updates.redhat.com/7.0/i386/ncurses-devel-5.2-2.i386.rpm
Missing file |
a555ec460de5650c4a2c42abc5de838c |
| |
20809 - ncurses allows local privilege escalation
New ncurses packages fixing buffer overrun available