-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
                   Caldera Systems, Inc.  Security Advisory

Subject:                buffer overflows in ncurses
Advisory number:        CSSA-2000-036.0
Issue date:             2000 October, 11
Cross reference:
______________________________________________________________________________


1. Problem Description

   There is a buffer overflow in ncurses which allows local users
   to exploit setuid / setgid applications that link against ncurses
   and gain the privileges of those applications.

   The following applications shipped with OpenLinux might be affected
   by this problem:

   * lpq (not exploitable)
   * minicom (potentially exploitable, but is only setgid uucp)
   * mutt_dotlock (not exploitable)

2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux Desktop 2.3        All packages previous to
                                ncurses-4.2-6

   OpenLinux eServer 2.3        All packages previous to
   and OpenLinux eBuilder       ncurses-4.2-6

   OpenLinux eDesktop 2.4       All packages previous to
                                ncurses-4.2-6

3. Solution

   Workaround:

   None known.

   The proper solution is to upgrade to the fixed packages.

4. OpenLinux Desktop 2.3

   4.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification

       f31b8e7d2d35ca8f8003cd580eb4a643  RPMS/ncurses-4.2-6.i386.rpm
       16abd61e99c33cb61ae68a8796e81d7f  RPMS/ncurses-devel-4.2-6.i386.rpm
       02f355cb7e3beb3b9cd132461ab0a857  RPMS/ncurses-devel-static-4.2-6.i386.rpm
       64bf29f03acc305756b9abdcfbb76a7f  RPMS/ncurses-termcap-devel-4.2-6.i386.rpm
       b569d3980e687e6f516510d865158cee  RPMS/ncurses-termcap-devel-static-4.2-6.i386.rpm
       72d2512519731ed4e4e66cb3099d8b17  SRPMS/ncurses-4.2-6.src.rpm

   4.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fhv ncurses-*.i386.rpm

5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

   5.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

       1a7b87dd8146b9529aad5dd6303e248a  RPMS/ncurses-4.2-6.i386.rpm
       b35e9397d8bd9584aae7482775f64dd2  RPMS/ncurses-devel-4.2-6.i386.rpm
       2af93cedddae6f32a2d49ac5182d7f67  RPMS/ncurses-devel-static-4.2-6.i386.rpm
       dc654d552c15d9d438270b5019584988  RPMS/ncurses-termcap-devel-4.2-6.i386.rpm
       4da3269d769520ff3f64f026a293f028  RPMS/ncurses-termcap-devel-static-4.2-6.i386.rpm
       72d2512519731ed4e4e66cb3099d8b17  SRPMS/ncurses-4.2-6.src.rpm

   5.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fhv ncurses-*.i386.rpm

6. OpenLinux eDesktop 2.4

   6.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

       afd119c5acda89001cea005faacb32f1  RPMS/ncurses-4.2-6.i386.rpm
       7eaa20203c718449f43a9e12cc0ce8f7  RPMS/ncurses-devel-4.2-6.i386.rpm
       551843505cd6c87948bb695cc034f73c  RPMS/ncurses-devel-static-4.2-6.i386.rpm
       b40dd2ad2a081c20eb4f8c414c467baa  RPMS/ncurses-termcap-devel-4.2-6.i386.rpm
       869064fed6dcf2fee13ee518f2dcb236  RPMS/ncurses-termcap-devel-static-4.2-6.i386.rpm
       72d2512519731ed4e4e66cb3099d8b17  SRPMS/ncurses-4.2-6.src.rpm

   6.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

         rpm -Fhv ncurses-*.i386.rpm

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 7948.

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

9. Acknowledgements

   Caldera Systems wishes to thank Jouko Pynnönen and Thomas Dickey
   for finding and reporting this problem and suggesting fixes.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE55H7V18sy83A/qfwRAu+gAKCdru0KgqzKWzJ1w7P++BxvJXtIKQCffplj
YFZYGdZxVXacyrn2893IgsQ=
=m7yS
-----END PGP SIGNATURE-----
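
The same package file names carry different checksums in sections 4.2, 5.2 and 6.2, so the verification step has to use the list for the product actually installed. The script below is an added example, not part of the Caldera advisory: it pulls one product's list out of a saved copy of the advisory and checks every package that is about to be installed against it. The function names and the file name advisory.txt are hypothetical; it assumes md5sum is available and that the advisory is saved with one checksum entry per line.

```shell
#!/bin/sh
# Added example; extract_sums and verify_files are hypothetical names.
# Assumes md5sum is installed and the advisory is saved as plain text with
# one "<md5>  <path>" entry per line under each "N.2 Verification" heading.

# extract_sums ADVISORY N: print "<md5> <path>" for product section N (4, 5 or 6).
extract_sums() {
    awk -v s="$2" '
        $1 == (s ".2") && $2 == "Verification" { on = 1; next }
        $1 == (s ".3")                          { on = 0 }
        on && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ { print $1, $2 }
    ' "$1"
}

# verify_files SUMS FILE...: succeed only if every FILE exists, has an entry
# in SUMS (matched by base name, since the advisory lists FTP-relative paths)
# and its MD5 equals the listed value. Fails closed when no FILE is given.
verify_files() {
    sums=$1; shift
    [ "$#" -gt 0 ] || return 1
    bad=0
    for f in "$@"; do
        want=$(awk -v n="${f##*/}" \
            '{ p = $2; sub(/.*\//, "", p) } p == n { print $1; exit }' "$sums")
        if [ ! -f "$f" ] || [ -z "$want" ]; then
            echo "UNLISTED/MISSING $f" >&2; bad=1; continue
        fi
        got=$(md5sum < "$f" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then echo "OK       $f"
        else echo "MISMATCH $f" >&2; bad=1; fi
    done
    [ "$bad" -eq 0 ]
}

# Usage for eDesktop 2.4 (section 6), run in the download directory:
#   extract_sums advisory.txt 6 > sums.txt &&
#     verify_files sums.txt ncurses-*.i386.rpm &&
#     rpm -Fhv ncurses-*.i386.rpm
```

Because the check runs over the files named on the command line, a package that matches the `ncurses-*.i386.rpm` glob but has no entry in the chosen section stops the upgrade, and the source package does not need to be downloaded.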