Subject: Caldera Security Advisory SA-1998.18: Security problems in ncurses
Topic: Security problems in ncurses
Advisory issue date: 24-July-1998

I. Problem Description

When linked into setuid applications, ncurses should always read the termcap file with the permissions of the invoking user, rather than the permissions of the application.

II. Impact

Description:
The TERMINFO environment variable may be abused to access files which should be inaccessible to the user.

Vulnerable Systems:
OpenLinux 1.0, 1.1, & 1.2
Systems using ncurses packages prior to ncurses-4.1-2.

III. Solution

Correction:
The proper solution is to upgrade to the ncurses-4.1-2 packages. They can be found on Caldera's FTP site at:

    ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/010/RPMS

The corresponding source code can be found at:

    ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/010/SRPMS

The MD5 checksums (from the "md5sum" command) for these packages are:

    7f96ab6ec353c2704b6040af2f2617c5  RPMS/ncurses-4.1-2.i386.rpm
    59e23822cf617c2caa49474869325206  RPMS/ncurses-devel-4.1-2.i386.rpm
    9ba5b7941c045f3bec33464d745186dd  RPMS/ncurses-devel-compat-4.1-2.i386.rpm
    e8a168dc845e772a55f6c94c17ed407b  RPMS/ncurses-devel-static-4.1-2.i386.rpm
    fd0015a07b023bf89429b0bf665d6477  RPMS/ncurses-devel-static-compat-4.1-2.i386.rpm
    e920f11efa9744ad9f377c9b6a1e50fe  SRPMS/ncurses-4.1-2.src.rpm

Upgrade with the following commands:

    rpm -q ncurses-devel-static-compat && rpm -U ncurses-devel-static-compat-4.1-2.i386.rpm
    rpm -q ncurses-devel-static && rpm -U ncurses-devel-static-4.1-2.i386.rpm
    rpm -q ncurses-devel-compat && rpm -U ncurses-devel-compat-4.1-2.i386.rpm
    rpm -q ncurses-devel && rpm -U ncurses-devel-4.1-2.i386.rpm
    rpm -q ncurses && rpm -U ncurses-4.1-2.i386.rpm

IV. References

This and other Caldera security resources are located at:

    http://www.caldera.com/news/security/index.html

This security fix closes Caldera's internal Problem Report 4058.

V. PGP Signature

This message was signed with the PGP key for security@caldera.com. This key can be obtained from:

    ftp://ftp.caldera.com/pub/pgp-keys/

Or on an OpenLinux CDROM under:

    /OpenLinux/pgp-keys/

$Id: SA-1998.18.txt,v 1.3 1998/07/24 13:02:45 rf Exp $
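The two defensive patterns behind the correction above (refuse an environment-supplied terminfo directory while running setuid, and open the terminal description with the invoking user's permissions instead of the application's), shown as an added example that is neither Caldera's nor ncurses' own code. Function names are hypothetical; the "<dir>/<first letter>/<term>" layout is the standard terminfo directory convention.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* True when the process holds privileges the invoking user does not have
 * (setuid/setgid), i.e. when environment-supplied paths are untrusted input. */
int running_privileged(void) {
    return getuid() != geteuid() || getgid() != getegid();
}

/* Choose the terminfo directory. TERMINFO is honoured only when the process
 * runs as the same identity that supplied the environment; a setuid program
 * falls back to the compiled-in system directory. */
const char *terminfo_dir(const char *fallback) {
    const char *env = getenv("TERMINFO");
    if (env == NULL || *env == '\0' || running_privileged())
        return fallback;
    return env;
}

/* Build "<dir>/<first letter>/<term>" (the terminfo layout). A TERM value
 * containing '/' is rejected so it cannot leave the directory. 0 on success. */
int terminfo_path(char *out, size_t len, const char *dir, const char *term) {
    if (term == NULL || *term == '\0' || strchr(term, '/') != NULL)
        return -1;
    int n = snprintf(out, len, "%s/%c/%s", dir, term[0], term);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Open a file with the invoking user's permissions: switch the effective ids
 * to the real ids around the open(), then restore them. Opening under the real
 * uid (rather than an access() pre-check) avoids the check/use race. fd or -1. */
int open_as_invoker(const char *path) {
    uid_t euid = geteuid();
    gid_t egid = getegid();
    if (setegid(getgid()) != 0 || seteuid(getuid()) != 0)
        return -1;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    int saved_errno = errno;
    /* Restore uid first, then gid; continuing with unknown privileges is unsafe. */
    if (seteuid(euid) != 0 || setegid(egid) != 0)
        abort();
    errno = saved_errno;
    return fd;
}
```

In a process that is not setuid the real and effective ids are equal, so running_privileged() is 0 and TERMINFO is honoured as usual; only a privileged binary falls back to the system directory.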