-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________
		   Caldera Systems, Inc.  Security Advisory

Subject:		buffer overflows in ncurses
Advisory number: 	CSSA-2000-036.0
Issue date: 		2000 October, 11
Cross reference:
______________________________________________________________________________


1. Problem Description

   There is a buffer overflow in ncurses which allows local users
   to exploit setuid / setgid applications that link against ncurses
   to gain access to their permissions.

   Following applications shipped with OpenLinux might be affected
   by this problem:

   * lpq 		(not exploitable)
   * minicom		(potentially exploitable, but is only setgid uucp)
   * mutt_dotlock	(not exploitable)

2. Vulnerable Versions

   System                       Package
   -----------------------------------------------------------
   OpenLinux Desktop 2.3        All packages previous to
   				ncurses-4.2-6

   OpenLinux eServer 2.3        All packages previous to
   and OpenLinux eBuilder       ncurses-4.2-6

   OpenLinux eDesktop 2.4	All packages previous to
                                ncurses-4.2-6

3. Solution

   Workaround:

   	None known.

   The proper solution is to upgrade to the fixed packages.

4. OpenLinux Desktop 2.3

   4.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

   4.2 Verification

       f31b8e7d2d35ca8f8003cd580eb4a643  RPMS/ncurses-4.2-6.i386.rpm
       16abd61e99c33cb61ae68a8796e81d7f  RPMS/ncurses-devel-4.2-6.i386.rpm
       02f355cb7e3beb3b9cd132461ab0a857  RPMS/ncurses-devel-static-4.2-6.i386.rpm
       64bf29f03acc305756b9abdcfbb76a7f  RPMS/ncurses-termcap-devel-4.2-6.i386.rpm
       b569d3980e687e6f516510d865158cee  RPMS/ncurses-termcap-devel-static-4.2-6.i386.rpm
       72d2512519731ed4e4e66cb3099d8b17  SRPMS/ncurses-4.2-6.src.rpm

   4.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

	  rpm -Fhv ncurses-*.i386.rpm

5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0

   5.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

   5.2 Verification

       1a7b87dd8146b9529aad5dd6303e248a  RPMS/ncurses-4.2-6.i386.rpm
       b35e9397d8bd9584aae7482775f64dd2  RPMS/ncurses-devel-4.2-6.i386.rpm
       2af93cedddae6f32a2d49ac5182d7f67  RPMS/ncurses-devel-static-4.2-6.i386.rpm
       dc654d552c15d9d438270b5019584988  RPMS/ncurses-termcap-devel-4.2-6.i386.rpm
       4da3269d769520ff3f64f026a293f028  RPMS/ncurses-termcap-devel-static-4.2-6.i386.rpm
       72d2512519731ed4e4e66cb3099d8b17  SRPMS/ncurses-4.2-6.src.rpm

   5.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

	  rpm -Fhv ncurses-*.i386.rpm

6. OpenLinux eDesktop 2.4

   6.1 Location of Fixed Packages

       The upgrade packages can be found on Caldera's FTP site at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

       The corresponding source code package can be found at:

       ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

   6.2 Verification

       afd119c5acda89001cea005faacb32f1  RPMS/ncurses-4.2-6.i386.rpm
       7eaa20203c718449f43a9e12cc0ce8f7  RPMS/ncurses-devel-4.2-6.i386.rpm
       551843505cd6c87948bb695cc034f73c  RPMS/ncurses-devel-static-4.2-6.i386.rpm
       b40dd2ad2a081c20eb4f8c414c467baa  RPMS/ncurses-termcap-devel-4.2-6.i386.rpm
       869064fed6dcf2fee13ee518f2dcb236  RPMS/ncurses-termcap-devel-static-4.2-6.i386.rpm
       72d2512519731ed4e4e66cb3099d8b17  SRPMS/ncurses-4.2-6.src.rpm

   6.3 Installing Fixed Packages

       Upgrade the affected packages with the following commands:

	  rpm -Fhv ncurses-*.i386.rpm

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/support/security/index.html

   This security fix closes Caldera's internal Problem Report 7948.

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

9. Acknowledgements

   Caldera Systems wishes to thank Jouko Pynnönen <jouko@solutions.fi>
   and Thomas Dickey <dickey@herndon4.his.com> for finding and reporting
   this problem and suggesting fixes.

______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE55H7V18sy83A/qfwRAu+gAKCdru0KgqzKWzJ1w7P++BxvJXtIKQCffplj
YFZYGdZxVXacyrn2893IgsQ=
=m7yS
-----END PGP SIGNATURE-----