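Vulnerability Details
ncurses TERMCAP Buffer Overflow Vulnerability
- CNNVD ID: CNNVD-200012-115
- Severity: High
- CVE ID: CVE-2000-0963
- Vulnerability type: Buffer overflow
- Published: 2000-12-19
- Threat type: Local
- Updated: 2006-09-15
- Vendor: freebsd
- Source: Posted to Bugtraq …
Vulnerability Summary
The ncurses library contains a buffer overflow vulnerability. A local user can execute arbitrary commands by supplying overly long environment values such as TERM or TERMINFO_DIRS.
Vulnerability Advisory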
RedHat has released patches to fix this vulnerability.
FreeBSD has provided an ncurses upgrade but advises that users do the following to check whether they are vulnerable before upgrading:
1) Download the ‘scan_ncurses.sh’ and ‘test_ncurses.sh’ scripts from
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:68/scan_ncurses.sh
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:68/test_ncurses.sh
e.g. with the fetch(1) command:
# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:68/scan_ncurses.sh
Receiving scan_ncurses.sh (381 bytes): 100%
381 bytes transferred in 0.1 seconds (7.03 kBps)
# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:68/test_ncurses.sh
Receiving test_ncurses.sh (604 bytes): 100%
604 bytes transferred in 0.1 seconds (6.55 kBps)
2) Verify the md5 checksums and compare them to the values below:
# md5 scan_ncurses.sh
MD5 (scan_ncurses.sh) = 597f63af701253f053581aa1821cbac1
# md5 test_ncurses.sh
MD5 (test_ncurses.sh) = 12491ceb15415df7682e3797de53223e
3) Run the scan_ncurses.sh script against your system:
# chmod a+x ./test_ncurses.sh
# sh scan_ncurses.sh ./test_ncurses.sh /
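Steps 2 and 3 can be combined so that the scan only runs when both checksums match. The following is an added example, not part of the FreeBSD advisory or its scripts; the function names are hypothetical, and the two MD5 values are the ones quoted in step 2.

```shell
#!/bin/sh
# Added example: gate the SA-00:68 scan on the MD5 values published in step 2.
# Function names (md5_of, verify_md5, run_verified_scan) are hypothetical.

# Print the MD5 hex digest of a file with whichever tool is installed
# (md5 on FreeBSD, md5sum on most Linux systems).
md5_of() {
    if command -v md5 >/dev/null 2>&1; then
        md5 -q "$1"
    elif command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    else
        echo "no md5 tool found" >&2
        return 2
    fi
}

# verify_md5 FILE EXPECTED: returns 0 on match, 1 on mismatch or unreadable file.
verify_md5() {
    [ -r "$1" ] || { echo "missing: $1" >&2; return 1; }
    actual=$(md5_of "$1") || return 1
    if [ "$actual" = "$2" ]; then
        echo "OK   $1"
        return 0
    fi
    echo "FAIL $1: got $actual, expected $2" >&2
    return 1
}

# run_verified_scan DIR ROOT: check both downloaded scripts, and only if both
# match perform step 3 (chmod, then scan ROOT). Nothing is made executable or
# run when either checksum differs.
run_verified_scan() {
    dir=${1:-.}
    root=${2:-/}
    verify_md5 "$dir/scan_ncurses.sh" 597f63af701253f053581aa1821cbac1 || return 1
    verify_md5 "$dir/test_ncurses.sh" 12491ceb15415df7682e3797de53223e || return 1
    chmod a+x "$dir/test_ncurses.sh"
    sh "$dir/scan_ncurses.sh" "$dir/test_ncurses.sh" "$root"
}

# Usage, from the directory holding the two downloaded scripts:
#   run_verified_scan . /
```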
Caldera:
The proper solution is to upgrade to the fixed packages.
OpenLinux Desktop 2.3
Location of Fixed Packages
The upgrade packages can be found on Caldera’s FTP site at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
The corresponding source code package can be found at:
ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS
RedHat ncurses-5.0-11.i386.rpm
- Red Hat Inc. 6.2 i386 ncurses-5.0-12.i386.rpm
  ftp://updates.redhat.com/6.2/i386/ncurses-5.0-12.i386.rpm
RedHat ncurses-devel-5.0-11.i386.rpm
- Red Hat Inc. 6.2 i386 ncurses-devel-5.0-12.i386.rpm
  ftp://updates.redhat.com/6.2/i386/ncurses-devel-5.0-12.i386.rpm
RedHat ncurses-5.1-2.i386.rpm
- Red Hat Inc. 7.0 i386 ncurses-5.2-2.i386.rpm
  ftp://updates.redhat.com/7.0/i386/ncurses-5.2-2.i386.rpm
FreeBSD FreeBSD 3.5.1
- FreeBSD ncurses.tar.gz
  Execute the following commands:
  cd /usr/src
  tar xvfz /path/to/ncurses.tar.gz
  cd /usr/src/lib/libncurses
  make all
  make install
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:68/ncurses.tar.gz
FreeBSD FreeBSD 4.0
- FreeBSD ncurses.tar.gz
  Execute the following commands:
  cd /usr/src
  tar xvfz /path/to/ncurses.tar.gz
  cd /usr/src/lib/libncurses
  make all
  make install
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:68/ncurses.tar.gz
FreeBSD FreeBSD 4.1
- FreeBSD ncurses.tar.gz
  Execute the following commands:
  cd /usr/src
  tar xvfz /path/to/ncurses.tar.gz
  cd /usr/src/lib/libncurses
  make all
  make install
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:68/ncurses.tar.gz
FreeBSD FreeBSD 4.1.1 -STABLE
- FreeBSD ncurses.tar.gz
  Execute the following commands:
  cd /usr/src
  tar xvfz /path/to/ncurses.tar.gz
  cd /usr/src/lib/libncurses
  make all
  make install
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:68/ncurses.tar.gz
FreeBSD FreeBSD 4.1.1
- FreeBSD ncurses.tar.gz
  Execute the following commands:
  cd /usr/src
  tar xvfz /path/to/ncurses.tar.gz
  cd /usr/src/lib/libncurses
  make all
  make install
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:68/ncurses.tar.gz
Wirex Immunix OS 6.2
- Wirex Immunix 6.2 ncurses-5.0-12
  http://www.immunix.org/ImmunixOS/6.2/updates/RPMS/ncurses-5.0-12_StackGuard.i386.rpm
- Wirex Immunix 6.2 ncurses-devel-5.0-12
  http://www.immunix.org/ImmunixOS/6.2/updates/RPMS/ncurses-devel-5.0-12_StackGuard.i386.rpm
RedHat Linux 6.2 sparc
- Red Hat Inc. 6.2 sparc ncurses-5.0-12.sparc.rpm
  ftp://updates.redhat.com/6.2/sparc/ncurses-5.0-12.sparc.rpm
- Red Hat Inc. 6.2 sparc ncurses-devel-5.0-12.sparc.rpm
  ftp://updates.redhat.com/6.2/sparc/ncurses-devel-5.0-12.sparc.rpm
RedHat Linux 6.2 alpha
- Red Hat Inc. 6.2 alpha ncurses-5.0-12.alpha.rpm
  ftp://updates.redhat.com/6.2/alpha/ncurses-5.0-12.alpha.rpm
- Red Hat Inc. 6.2 alpha ncurses-devel-5.0-12.alpha.rpm
  ftp://updates.redhat.com/6.2/alpha/ncurses-devel-5.0-12.alpha.rpm
RedHat Linux 6.2 i386
- Red Hat Inc. 6.2 i386 ncurses-5.0-12.i386.rpm
  ftp://updates.redhat.com/6.2/i386/ncurses-5.0-12.i386.rpm
- Red Hat Inc. 6.2 i386 ncurses-devel-5.0-12.i386.rpm
  ftp://updates.redhat.com/6.2/i386/ncurses-devel-5.0-12.i386.rpm
RedHat Linux 7.0
- Red Hat Inc. 7.0 alpha ncurses-5.2-2.alpha.rpm
  ftp://updates.redhat.com/7.0/alpha/ncurses-5.2-2.alpha.rpm
- Red Hat Inc. 7.0 alpha ncurses-devel-5.2-2.alpha.rpm
  ftp://updates.redhat.com/7.0/alpha/ncurses-devel-5.2-2.alpha.rpm
- Red Hat Inc. 7.0 i386 ncurses-5.2-2.i386.rpm
  ftp://updates.redhat.com/7.0/i386/ncurses-5.2-2.i386.rpm
- Red Hat Inc. 7.0 i386 ncurses-devel-5.2-2.i386.rpm
  ftp://updates.redhat.com/7.0/i386/ncurses-devel-5.2-2.i386.rpm
Wirex Immunix OS 7.0 -Beta
- Wirex Immunix 7.0-Beta ncurses-5.2-2
  http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/ncurses-5.2-2_StackGuard.i386.rpm
- Wirex Immunix 7.0-Beta ncurses-devel-5.2-2
  http://www.immunix.org/ImmunixOS/7.0-beta/updates/RPMS/ncurses-devel-5.2-2_StackGuard.i386.rpm
References
Source: BID
Name: 1142
Link: http://www.securityfocus.com/bid/1142
Source: CALDERA
Name: CSSA-2000-036.0
Link: http://www.calderasystems.com/support/security/advisories/CSSA-2000-036.0.txt
Source: BUGTRAQ
Name: 20001009 ncurses buffer overflows
Link: http://www.securityfocus.com/archive/1/138550
Source: XF
Name: gnu-ncurses-term-terminfodirs-bo(44487)
Link: http://xforce.iss.net/xforce/xfdb/44487