On Thu, 19 Aug 1999, Tymm Twillman wrote:

> And as Chris Evans pointed out on linux-security, libncurses on RedHat
> is built with -DPURE_TERMINFO, which keeps it from using the buggy
> buffer code in libtermcap.

...not quite true - we're able to cause at least several SEGVs in ncurses' tgetent() function by putting junk into terminfo files. Simply, try some brute-force algorithms. I don't want to discuss possible consequences of this bug, as we haven't carefully checked the terminfo format, nor the parser code.

_______________________________________________________________________
Michal Zalewski [[EMAIL PROTECTED]] [link / marchew] [dione.ids.pl SYSADM]
[Marchew Industries] ! [http://lcamtuf.na.export.pl] bash$ :(){ :|:&};:
[voice phone: +48 (0) 22 813 25 86] ? [cellular phone: (0) 501 4000 69]
To iterate is human, to recurse divine [P. Deutsch]