ID CVE-2002-0062
Summary Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."
References
Vulnerable Configurations
  • cpe:2.3:o:debian:debian_linux:2.2:-:68k
    cpe:2.3:o:debian:debian_linux:2.2:-:68k
  • cpe:2.3:o:debian:debian_linux:2.2:-:alpha
    cpe:2.3:o:debian:debian_linux:2.2:-:alpha
  • cpe:2.3:o:debian:debian_linux:2.2:-:arm
    cpe:2.3:o:debian:debian_linux:2.2:-:arm
  • cpe:2.3:o:debian:debian_linux:2.2:-:ia-32
    cpe:2.3:o:debian:debian_linux:2.2:-:ia-32
  • cpe:2.3:o:debian:debian_linux:2.2:-:powerpc
    cpe:2.3:o:debian:debian_linux:2.2:-:powerpc
  • cpe:2.3:o:debian:debian_linux:2.2:-:sparc
    cpe:2.3:o:debian:debian_linux:2.2:-:sparc
  • FreeBSD 3.1
    cpe:2.3:o:freebsd:freebsd:3.1
  • FreeBSD 3.2
    cpe:2.3:o:freebsd:freebsd:3.2
  • FreeBSD 3.3
    cpe:2.3:o:freebsd:freebsd:3.3
  • FreeBSD 3.4
    cpe:2.3:o:freebsd:freebsd:3.4
  • FreeBSD 3.5
    cpe:2.3:o:freebsd:freebsd:3.5
  • FreeBSD 3.5.1
    cpe:2.3:o:freebsd:freebsd:3.5.1
  • FreeBSD 4.0
    cpe:2.3:o:freebsd:freebsd:4.0
  • FreeBSD 4.1
    cpe:2.3:o:freebsd:freebsd:4.1
  • FreeBSD 4.1.1
    cpe:2.3:o:freebsd:freebsd:4.1.1
  • FreeBSD 5.0
    cpe:2.3:o:freebsd:freebsd:5.0
  • cpe:2.3:o:redhat:linux:6.1:-:alpha
    cpe:2.3:o:redhat:linux:6.1:-:alpha
  • cpe:2.3:o:redhat:linux:6.1:-:i386
    cpe:2.3:o:redhat:linux:6.1:-:i386
  • cpe:2.3:o:redhat:linux:6.1:-:sparc
    cpe:2.3:o:redhat:linux:6.1:-:sparc
  • cpe:2.3:o:redhat:linux:7.0:-:alpha
    cpe:2.3:o:redhat:linux:7.0:-:alpha
  • cpe:2.3:o:redhat:linux:7.0:-:i386
    cpe:2.3:o:redhat:linux:7.0:-:i386
  • cpe:2.3:o:redhat:linux:7.1:-:alpha
    cpe:2.3:o:redhat:linux:7.1:-:alpha
  • cpe:2.3:o:redhat:linux:7.1:-:i386
    cpe:2.3:o:redhat:linux:7.1:-:i386
  • cpe:2.3:o:redhat:linux:7.2:-:i386
    cpe:2.3:o:redhat:linux:7.2:-:i386
  • SuSE SuSE Linux 6.2
    cpe:2.3:o:suse:suse_linux:6.2
  • SuSE SuSE Linux 6.3
    cpe:2.3:o:suse:suse_linux:6.3
  • SuSE SuSE Linux 7.0
    cpe:2.3:o:suse:suse_linux:7.0
CVSS
Base: 7.2 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-113.NASL
description Several buffer overflows were fixed in the 'ncurses' library in November 2000. Unfortunately, one was missed. This can lead to crashes when using ncurses applications in large windows. The Common Vulnerabilities and Exposures project has assigned the name CAN-2002-0062 to this issue. This problem has been fixed for the stable release of Debian in version 5.0-6.0potato2. The testing and unstable releases contain ncurses 5.2, which is not affected by this problem. There are no known exploits for this problem, but we recommend that all users upgrade ncurses immediately.
last seen 2019-01-16
modified 2018-07-20
plugin id 14950
published 2004-09-29
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=14950
title Debian DSA-113-1 : ncurses - buffer overflow
redhat via4
advisories
rhsa
id RHSA-2002:020
refmap via4
bid 2116
debian DSA-113
xf gnu-ncurses-window-bo(8222)
Last major update 05-09-2008 - 16:27
Published 08-03-2002 - 00:00
Back to Top