|
Bugtraq
mailing list archives
Re: freebsd libncurses overflow
From: billf () CHC-CHIMES COM (Bill Fumerola)
Date: Mon, 24 Apr 2000 15:13:15 -0400
On Mon, Apr 24, 2000 at 02:33:13PM +0200, Przemyslaw Frasunek wrote:
* Vulnerable Versions
- 3.4-STABLE -- vulnerable
- 4.0-STABLE -- not tested (probably *not* vulnerable)
- 5.0-CURRENT -- *not* vulnerable
Isn't this an ncurses problem and not a FreeBSD problem? If later versions of FreeBSD
aren't vulnerable, its probably only because they have a more recent version of ncurses.
Wouldn't it be more proper to mention the version of _ncurses_ with this problem?
The code is simply imported from:
revision 1.1.1.1
date: 1999/08/24 01:06:35; author: peter; state: Exp; lines: +0 -0
Import unmodified (but trimmed) ncurses 5.0 prerelease 990821.
This contains the full eti (panel, form, menu) extensions.
bmake glue to follow.
Obtained from: ftp://ftp.clark.net/pub/dickey/ncurses
--
Bill Fumerola - Network Architect
Computer Horizons Corp - CVM
e-mail: billf () chc-chimes com / billf () FreeBSD org
Office: 800-252-2421 x128 / Cell: 248-761-7272
PS. Not speaking on behalf of FreeBSD.
 By Date 
By Thread
Current thread:
- Re: IE 5 security vulnerablity - circumventing Cross-frame security policy using Java/JavaScript (and disabling Active Scripting is not that easy), (continued)
- Denial of Service Against pcAnywhere. Vacuum (Apr 25)
Re: IE 5 security vulnerablity - circumventing Cross-framesecurity policy using Java/JavaScript (and disabling ActiveScripting is not that easy) Georgi Guninski (Apr 24)
Hotmail security hole - injecting JavaScript in IE using "@import url(http://host/hostile.css)" Georgi Guninski (Apr 24)
ZoneAlarm Wally Whacker (Apr 20)
|
Intro
