Author: JT Smith
The advisory is at LWN.net: The ncurses library is used by many text/console based applications
such as mail user agents, ftp clients and other command line utilities.
A vulnerability has been found by Jouko Pynnnen
in the screen handling functions: Insufficient boundary checking leads
to a buffer overflow if a user supplies a specially drafted terminfo
database file. If an ncurses-linked binary is installed setuid root,
it is possible for a local attacker to exploit this hole and gain
elevated privileges.
such as mail user agents, ftp clients and other command line utilities.
A vulnerability has been found by Jouko Pynn
in the screen handling functions: Insufficient boundary checking leads
to a buffer overflow if a user supplies a specially drafted terminfo
database file. If an ncurses-linked binary is installed setuid root,
it is possible for a local attacker to exploit this hole and gain
elevated privileges.
Category:
- Linux