Mailing List Info
Slackware Logo

News

Security Advisories

FAQ

Book

General Info

Get Slack

Install Help

Configuration

Packages

ChangeLogs

Propaganda

Ports

Other Sites

Support

Contact

Mailing Lists
  Archives

About

 
From: "Patrick J. Volkerding" <volkerdi@slackware.com>
To: slackware-security@slackware.com
Subject: libtermcap buffer overflow
Date: Sat, 28 Aug 1999 20:17:24 -0700 (PDT)
Hello,

A buffer overflow has been identified in libtermcap.so.2.0.8 as found in
Slackware 4.0 and earlier, and an exploit for the problem was posted on
BugTraq today.  The exploit (using setuid root /usr/X11R6/bin/xterm)
allows anyone with access to X on the machine to get a root shell.
Several packages have been uploaded to  
ftp://ftp.cdrom.com/pub/linux/slackware-4.0/ that fix this security hole.

The ChangeLog.txt entry and MD5 sums for the uploaded packages follow:

Sat Aug 28 20:18:45 CDT 1999
These packages fix a buffer overflow problem in libtermcap that can be
exploited to gain unauthorized root access.  Below are fixed versions of
the affected packages suitable for use on Slackware 4.0 systems:
slakware/a4/elflibs.tgz:  Patched buffer overflow in libtermcap.
slakware/d1/libc.tgz:  Patched buffer overflow in libtermcap.
slakware/x1/xbin.tgz:  Recompiled /usr/X11R6/bin/xterm, which had been
                       linked against a vulnerable libtermcap.a.
*** Alternate, minimal fix:
The directory below contains only the fixed versions of libtermcap
and xterm.  Installing these two packages is also a complete fix for
the problem.  In addition, these two upgrades are suitable for use
on Slackware 3.5, 3.6, 3.9, or 4.0.
patches/termcap.tgz:  Fixed libtermcap.
patches/xterm.tgz:  Fixed xterm.
----------------------------

MD5 sums:
d01747b9ffc7c9120f07995ec4e0cb02  slakware/a4/elflibs.tgz
4dee2fd9b1186120793e25661691a1e9  slakware/d1/libc.tgz
ba830ade8b7155f8834971119fb98d19  slakware/x1/xbin.tgz
9cd13b1169aa95a3e81d5a65ed12c444  patches/termcap.tgz
3e15d3264664f650e2075c29234edfea  patches/xterm.tgz

Take care,

Pat


Slackware™ is a trademark of Patrick Volkerding.