A possible buffer overflow in libnewt
From: Wu Tao (lepton@sina.com)
Date: 03/28/02
Date: 28 Mar 2002 06:24:22 -0000
From: Wu Tao <lepton@sina.com>
To: bugtraq@securityfocus.com
Hi!
While I was debugging my little program, which uses
libnewt, I found a possible buffer overflow in libnewt.
libnewt is widely used by configuration programs in
Red Hat. Because there is no suid program that uses libnewt
in my Red Hat 6.2 environment, it seems this bug can't
be used to gain root. But if there is any suid program
that uses libnewt, it is dangerous.
The following is my patch for libnewt 0.5.33.
I mailed the author of libnewt about a week ago,
but I have received no reply.
diff -ur newt-0.50.33/newt.c newt-0.50.33-n/newt.c
--- newt-0.50.33/newt.c Wed Apr 4 03:33:10 2001
+++ newt-0.50.33-n/newt.c Tue Mar 19 21:41:24
2002
@@ -331,6 +331,8 @@
}
*chptr++ = key;
+ if(chptr-buf>8)
+ break;
/* this search should use bsearch(), but when
we only look through
a list of 20 (or so) keymappings, it's probably
faster just to
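Review bot: The new bound check sits after `*chptr++ = key;`, so the store has already happened when `chptr-buf>8` is tested, and up to nine bytes are written to buf before the break is reached. The literal 8 is not tied to anything visible in the hunk; the declaration of buf is outside this context, so a reader cannot confirm that nine bytes (plus any terminator written later) fit. Suggest testing before the store and deriving the limit from the buffer's declared size, for example `if (chptr - buf >= sizeof(buf) - 1) break;` if buf is a local array, with a short comment saying why the key sequence is capped. It is also worth confirming where the break lands relative to the keymapping search described in the following comment, so that a capped sequence is still handled sensibly.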