From owner-freebsd-security Sat Oct 14 4:21:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id AE46037B502 for ; Sat, 14 Oct 2000 04:21:40 -0700 (PDT) Received: (from kris@localhost) by citusc17.usc.edu (8.9.3/8.9.3) id EAA13262; Sat, 14 Oct 2000 04:23:29 -0700 (PDT) Date: Sat, 14 Oct 2000 04:23:28 -0700 From: Kris Kennaway To: Valentin Nechayev Cc: freebsd-security@FreeBSD.ORG Subject: Re: ncurses buffer overflows (fwd) Message-ID: <20001014042328.A13230@citusc17.usc.edu> References: <200010101403.e9AE3Ir08713@cwsys.cwsent.com> <20001014094604.A18459@lucky.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001014094604.A18459@lucky.net>; from netch@lucky.net on Sat, Oct 14, 2000 at 09:46:04AM +0300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, Oct 14, 2000 at 09:46:04AM +0300, Valentin Nechayev wrote: > Tue, Oct 10, 2000 at 07:02:30, Cy.Schubert wrote about "ncurses buffer overflows (fwd)": > > > For those of you who don't subscribe to BUGTRAQ, here's a heads up. > > Are systat & top in 3.* vulnerable? Shall it be fixed? > systat in 3.* uses curses, but at my box exploit failed. I haven't had time to check. Chances are it could be vulnerable to a similar problem, but probably not the same one as in 4.x given how much of the curses code has changed since the ancient version in 3.x. After the last problem with curses in 3.x I tried to motivate people to audit the code, but didnt have any takers. We can't just upgrade it without breaking compatibility with existing binaries, as I understand it. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message