Date: Sat, 14 Oct 2000 04:23:28 -0700 From: Kris Kennaway <kris@citusc.usc.edu> To: Valentin Nechayev <netch@lucky.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: ncurses buffer overflows (fwd) Message-ID: <20001014042328.A13230@citusc17.usc.edu> In-Reply-To: <20001014094604.A18459@lucky.net>; from netch@lucky.net on Sat, Oct 14, 2000 at 09:46:04AM %2B0300 References: <200010101403.e9AE3Ir08713@cwsys.cwsent.com> <20001014094604.A18459@lucky.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Oct 14, 2000 at 09:46:04AM +0300, Valentin Nechayev wrote: > Tue, Oct 10, 2000 at 07:02:30, Cy.Schubert wrote about "ncurses buffer overflows (fwd)": > > > For those of you who don't subscribe to BUGTRAQ, here's a heads up. > > Are systat & top in 3.* vulnerable? Shall it be fixed? > systat in 3.* uses curses, but at my box exploit failed. I haven't had time to check. Chances are it could be vulnerable to a similar problem, but probably not the same one as in 4.x given how much of the curses code has changed since the ancient version in 3.x. After the last problem with curses in 3.x I tried to motivate people to audit the code, but didnt have any takers. We can't just upgrade it without breaking compatibility with existing binaries, as I understand it. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001014042328.A13230>