4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.3%
The curses library derived from System V contains a buffer overflow. A local user can execute a command that uses this library to exploit the vulnerability and gain elevated privileges.
There is a buffer overflow in the curses library that could permit a local user to gain elevated privileges. Various commands will call on the libcurses library to get the term settings either from the environment variable TERM, or a command line argument.
A local user can gain elevated privileges.
Apply the appropriate patch from your vendor. See our “Systems Affected” section below.
451275
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: June 13, 2001 Updated: August 06, 2001
Affected
Yes, the other two binaries also must be remade with the new library. We neglected to do that, and we are in the process of creating them.
The vendor has not provided us with any further information regarding this vulnerability.
There are additional files (auditsh and termsh) that still need to be remade with the new library. The above vendor statement reflects the need to relink all current applications with the new library. Until these are release, a workaround would be to set permissions on the two files. All programs that use the curses library must be re-linked with this new library to take advantage of the fix. SCO OpenServer and UnixWare 7 ship with the curses library. Download and install the new files for your system as specified in the Caldera Advisory (CSSA-2001-SCO.1).
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23451275 Feedback>).
Notified: August 06, 2001 Updated: August 08, 2001
Affected
IRIX 6.5 and above is not vulnerable to the libcurses buffer overflow. It was fixed as part of bug 530675.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23451275 Feedback>).
Notified: July 31, 2001 Updated: August 09, 2001
Affected
We fixed this buffer overflow via bugID:
4313067 security: libcurses:setupterm has buffer overflow
The above bugID was patched for all affected releases:
110458-01 SunOS 5.8: libcurses patch
110459-01 SunOS 5.8_x86: libcurses patch
110070-01 SunOS 5.7: security: libcurses:setupterm has buffer overflow
110071-01 SunOS 5.7_x86: security: libcurses:setupterm has buffer overflow
105405-03 SunOS 5.6: libcurses.a & libcurses.so.1 patch
105406-03 SunOS 5.6_x86: libcurses.a & libcurses.so.1 patch
104637-04 SunOS 5.5.1: /usr/ccs/lib/libcurses.a patch
104638-04 SunOS 5.5.1_x86: /usr/ccs/lib/libcurses.a patch
110339-01 SunOS 5.5: libcurses:setupterm has buffer overflow
110341-01 SunOS 5.5_x86: libcurses:setupterm has buffer overflow
110051-01 SunOS 5.4: Patch for libcurses
110052-01 SunOS 5.4_x86: Patch for libcurses
101325-05 SunOS 5.3: jumbo fmli patch, libcurses.a
The vendor has not provided us with any further information regarding this vulnerability.
Sun Microsystems: Versions of SunOS earlier than 5.8 are vulnerable. This vulnerability has been addressed as BugID 4313067. Download and install the new files for your system from Sun.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23451275 Feedback>).
Notified: August 06, 2001 Updated: August 27, 2001
Not Affected
This is not an issue for HP.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23451275 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
<http://www.securitytracker.com/alerts/2001/Jun/1001825.html>
This vulnerability was discovered by Kevin Finisterre and was reported to the [email protected] mailing list. Caldera/SCO has also released an advisory (CSSA-2001-SCO.1).
This document was written by Jason Rafail.
CVE IDs: | CVE-2001-1148 |
---|---|
Severity Metric: | 0.72 Date Public: |