-----BEGIN PGP SIGNED MESSAGE-----

Subject: Caldera Security Advisory SA-1998.18: Security problems in
ncurses

Topic: Security problems in ncurses
Advisory issue date: 24-July-1998


I. Problem Description

	When linked into setuid applications, ncurses should always
	read the termcap file with the permissions of the invoking
	user, rather than the permissions of the application. 


II. Impact

Description:
	The TERMINFO environment variable may be abused to access files which
	should be inaccessable to the user.

Vulnerable Systems:

	OpenLinux 1.0, 1.1, & 1.2 Systems using ncurses packages prior to
	ncurses-4.1-2.


III. Solution

Correction:

        The proper solution is to Upgrade to the ncurses-4.1-2 packages. 

        They can be found on Caldera's FTP site at:
	ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/010/RPMS

        The corresponding source code can be found at:
	ftp://ftp.caldera.com/pub/OpenLinux/updates/1.2/010/SRPMS

        The MD5 checksums (from the "md5sum" command) for these packages are:

7f96ab6ec353c2704b6040af2f2617c5  RPMS/ncurses-4.1-2.i386.rpm
59e23822cf617c2caa49474869325206  RPMS/ncurses-devel-4.1-2.i386.rpm
9ba5b7941c045f3bec33464d745186dd  RPMS/ncurses-devel-compat-4.1-2.i386.rpm
e8a168dc845e772a55f6c94c17ed407b  RPMS/ncurses-devel-static-4.1-2.i386.rpm
fd0015a07b023bf89429b0bf665d6477  RPMS/ncurses-devel-static-compat-4.1-2.i386.rpm
e920f11efa9744ad9f377c9b6a1e50fe  SRPMS/ncurses-4.1-2.src.rpm


        Upgrade with the following commands:

rpm -q ncurses-devel-static-compat && rpm -U ncurses-devel-static-compat-4.1-2.i386.rpm
rpm -q ncurses-devel-static && rpm -U ncurses-devel-static-4.1-2.i386.rpm
rpm -q ncurses-devel-compat && rpm -U ncurses-devel-compat-4.1-2.i386.rpm
rpm -q ncurses-devel && rpm -U ncurses-devel-4.1-2.i386.rpm
rpm -q ncurses && rpm -U ncurses-4.1-2.i386.rpm


IV. References


        This and other Caldera security resources are located at:
	http://www.caldera.com/news/security/index.html

        This security fix closes Caldera's internal Problem Report
	4058.

V. PGP Signature

	This message was signed with the PGP key for security@caldera.com.

	This key can be obtained from:
		ftp://ftp.caldera.com/pub/pgp-keys/

	Or on an OpenLinux CDROM under:
		/OpenLinux/pgp-keys/

	$Id: SA-1998.18.txt,v 1.3 1998/07/24 13:02:45 rf Exp $


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNbiF9On+9R4958LpAQHCIAP/drr+EsfvtGg+OH8nH0+SUOFOp8hSnPtk
izb99y5eBJZBa8o6GhCAnIh8RVXmNKJkO702yHrdEe1J8AdZTDrTvLPqKm+nLkkI
Byyj5iXQep1EsBfcir81IGNugG1alHTNyO3DoCex/8MY/QqdMUt89F8NIvRO3TLn
QHCm4j5nFrU=
=F0q1
-----END PGP SIGNATURE-----