[11465] in bugtraq
Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent()
daemon@ATHENA.MIT.EDU (Olaf Kirch)
Sat Aug 21 12:24:34 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19990819214208.B3468@monad.swb.de>
Date: Thu, 19 Aug 1999 21:42:08 +0200
Reply-To: Olaf Kirch <okir@MONAD.SWB.DE>
From: Olaf Kirch <okir@MONAD.SWB.DE>
X-To: Michal Zalewski <lcamtuf@IDS.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <lcamtuf.4.05.9907040317190.356-100000@nimue.ids.pl>; from Michal
Zalewski on Sun, Jul 04, 1999 at 03:19:38AM +0200
On Sun, Jul 04, 1999 at 03:19:38AM +0200, Michal Zalewski wrote:
> Oh, haven't said, for clearance... I'm talking about terminfo support and
> tgetent() function implemented in libncurses, which is buggy as well,
> while ncurses allows '../' tricks.
Do you have any more information about this problem? As far as I can remember,
ncurses doesn't do much parsing with a terminfo file, so there's little
harm that can be done here. Or do you have a demonstrable exploit?
Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@caldera.de +-------------------- Why Not?! -----------------------
UNIX, n.: Spanish manufacturer of fire extinguishers.
