Multiple Vendor Termcap tgetent() Buffer Overflow

A buffer overflow existed in libtermcap's tgetent() function, which could cause the user to execute arbitrary code if they were able to supply their own termcap file. Versions of libtermcap 2.0.8 and earliear are vulnerable.

Under Red Hat Linux 5.2 and 4.2, this could lead to local users gaining root privileges, as xterm (as well as other possibly setuid programs) are linked against libtermcap. Under Red Hat Linux 6.0, xterm is not setuid root.

Debian and Caldera OpenLinux use the ncurses library instead of termcap and thus are not vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus