Mandrake Linux Security Advisory : ncurses (MDKSA-2001:052)
High Nessus Plugin ID 61914
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionAn overflowable buffer in the part of the ncurses library that handles cursor movement existed in versions of ncurses prior to 5.2. Attackers could force a privileged application to use their own termcap file containing a special terminal entry which would trigger the overflow, allowing them to execute arbitrary code with the privileges of the exploited binary. This vulnerability would only manifest in setuid applications that use ncurses for cursor movement.
SolutionUpdate the affected ncurses, ncurses-devel and / or ncurses-extraterms packages.