The ncurses library v4.2 and 5.0 contains exploitable buffer overflows which can be used to gain additional privilege if there are SUID programs which use ncurses and the library implementation supports ~/.terminfo. Vulnerable programs found so far include Red Hat and SuSE cda, FreeBSD /usr/bin/systat, and OpenBSD /usr/bin/systat.
cd14250aa0648fdf5f3d589e34c08c13e7c735b8731d2b965eb799837ca4e257
Red Hat Security Advisory 2021-4426-03 - The ncurses library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool captoinfo. Issues addressed include a buffer overflow vulnerability.
2f95c946e089959f9a7c88335fec243ddc60b03d1e9787ae2a6ebb923569b2b2
FreeBSD Security Advisory - The ncurses library, which comes with the base install of FreeBSD, contains exploitable buffer overflows. /usr/sbin/lpc, /usr/bin/top, and /usr/bin/systat link against ncurses and may be exploitable.
6e2f643e0e68e2fe8e83e3707adb527bf755e474093377e4e504f6b2a2f21ed4
SuSE Security Advisory - A vulnerability has been found in the ncurses library, which is used by many text-based applications. Insufficient boundary checking leads to a buffer overflow if a user supplies a specially drafted terminfo database file. If an ncurses-linked binary is installed setuid root, it is possible for a local attacker to exploit this hole and gain local root access. SuSE recommends patching this vulnerability by removing the SUID bits from xaos, screen, and cda.
ac12b02288d39d5602539adb46a4349398da66ae75f08fcfd4f548ea2d04d609