From owner-freebsd-security  Tue Oct 10 17:10:12 2000
Delivered-To: freebsd-security@freebsd.org
Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139])
	by hub.freebsd.org (Postfix) with ESMTP id 586FF37B66C
	for <freebsd-security@FreeBSD.ORG>; Tue, 10 Oct 2000 17:10:07 -0700 (PDT)
Received: (qmail 4285 invoked by uid 1000); 11 Oct 2000 00:13:34 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 11 Oct 2000 00:13:34 -0000
Date: Tue, 10 Oct 2000 19:13:33 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: Steve Reid <sreid@sea-to-sky.net>
Cc: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>,
	freebsd-security@FreeBSD.ORG
Subject: Re: ncurses buffer overflows (fwd)
In-Reply-To: <Pine.BSF.4.21.0010101908580.4266-100000@achilles.silby.com>
Message-ID: <Pine.BSF.4.21.0010101912540.4283-100000@achilles.silby.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


On Tue, 10 Oct 2000, Mike Silbersack wrote:

> Well, the advisory states that ncurses 5.0 and before are vulnerable.  It
> looks like 5.1-prerelease is what 4.1+ are using.  So, until we here more
> from warner/kris, I'm assuming that 4.0/3.x are vulnerable, but 4.1+ is
> safe.
> 
> (The exploit didn't work for me either, FWIW.)
> 
> Mike "Silby" Silbersack

I partially retract that.  It looks like 3.x doesn't use ncurses, if I'm
reading cvs properly.

Mike "Silby" Silbersack



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message