Bugtraq mailing list archives

Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent()

From: joey () FINLANDIA INFODROM NORTH DE (Martin Schulze)
Date: Thu, 19 Aug 1999 18:16:25 +0200


Olaf Kirch wrote:

FWIW, Caldera OpenLinux has stopped using termcap altogether since release 2.2.
Doing an rpm -qlv ncurses-termcap-devel reveals that libtermcap.so is a
symlink to libncurses.


Same for Debian.  However, I haven't checked ncurses and terminfo.  I
don't know if and how much code is shared with termcap thus I don't
know if the apps might still be vulnerable.

Regards,

        Joey

--
GNU does not eliminate all the world's problems, only some of them.
                                                -- The GNU Manifesto

Current thread:

Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent(), (continued)
- - - Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent() Martin Schulze (Aug 19)
    - Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent() Aaron Campbell (Aug 19)
    - Microsoft Security Bulletin (MS99-030) Aleph One (Aug 20)
    - Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent() Alan Cox (Aug 22)
    - libtermcap exploit fix ... smashcap.c Hudin Lucian (Aug 22)
    - Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent() Pavel Kankovsky (Aug 26)
    - OCE' 9400 plotters Larry W. Cashdollar (Aug 19)
    - Re: OCE' 9400 plotters Patrick Cantwell (Aug 23)
    - Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent() Tymm Twillman (Aug 19)
    - Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent() Olaf Kirch (Aug 18)
    - Re: [RHSA-1999:028-01] Buffer overflow in libtermcap tgetent() Martin Schulze (Aug 19)
  - Security Bug in Oracle Elias Levy (Aug 17)
    - Re: Security Bug in Oracle Jonathan A. Zdziarski (Aug 27)
    - [RHSA-1999:030-02] Buffer overflow in cron daemon Bill Nottingham (Aug 27)