[Secure-testing-team] Bug#882620: [CVE-2017-16879] ncurses: Stack-based buffer overflow

Salvatore Bonaccorso carnil at debian.org
Sat Nov 25 10:35:17 UTC 2017


Hi Sven,

On Sat, Nov 25, 2017 at 10:27:14AM +0100, Sven Joachim wrote:
> Control: severity -1 important
> 
> On 2017-11-24 16:23 -0500, Luciano Bello wrote:
> 
> > Package: ncurses
> > X-Debbugs-CC: team at security.debian.org
> > secure-testing-team at lists.alioth.debian.org
> > Severity: grave
> > Tags: security
> >
> > Hi,
> >
> > the following vulnerability was published for ncurses.
> >
> > CVE-2017-16879[0]:
> > | Stack-based buffer overflow in the _nc_write_entry function in
> > | tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial
> > | of service (application crash) or possibly execute arbitrary code via
> > | a crafted terminfo file, as demonstrated by tic.
> 
> For the crash to happen the attacker needs to persuade the victim into
> running tic on their terminfo file first (there are no users of the
> _nc_write_entry function besides tic), and arbitrary code execution
> should be prevented by the stack protection.
> 
> Like the previous CVEs on ncurses published earlier this year, this
> should be tagged no-DSA in the tracker.

Sounds reasonable, I have marked it as such.

Do you plan to follow up as well with a jessie- and stretch-pu once
fixed in unstable?

Thanks for your work,

Regards,
Salvatore


