[Secure-testing-team] Bug#882620: [CVE-2017-16879] ncurses: Stack-based buffer overflow
Sven Joachim
svenjoac at gmx.de
Sat Nov 25 09:27:14 UTC 2017
Control: severity -1 important
On 2017-11-24 16:23 -0500, Luciano Bello wrote:
> Package: ncurses
> X-Debbugs-CC: team at security.debian.org
> secure-testing-team at lists.alioth.debian.org
> Severity: grave
> Tags: security
>
> Hi,
>
> the following vulnerability was published for ncurses.
>
> CVE-2017-16879[0]:
> | Stack-based buffer overflow in the _nc_write_entry function in
> | tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial
> | of service (application crash) or possibly execute arbitrary code via
> | a crafted terminfo file, as demonstrated by tic.
For the crash to happen the attacker needs to persuade the victim into
running tic on their terminfo file first (there are no users of the
_nc_write_entry function besides tic), and arbitrary code execution
should be prevented by the stack protection.
Like the previous CVEs on ncurses published earlier this year, this
should be tagged no-DSA in the tracker.
Cheers,
Sven
More information about the Secure-testing-team
mailing list