October 27, 2000

Security advisory for ncurses

Author: JT Smith

The advisory is at LWN.net: The ncurses library is used by many text/console based applications
such as mail user agents, ftp clients and other command line utilities.
A vulnerability has been found by Jouko Pynnnen
in the screen handling functions: Insufficient boundary checking leads
to a buffer overflow if a user supplies a specially drafted terminfo
database file. If an ncurses-linked binary is installed setuid root,
it is possible for a local attacker to exploit this hole and gain
elevated privileges.


  • Linux
Click Here!