Description
Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."
Product(s):
- GNU ncurses
- GNU Ncurses
- GNU Ncurses 4.0
- GNU Ncurses 4.1
- GNU Ncurses 4.2
- Debian Linux 2.2 for 68k
- Debian Linux 2.2 for Alpha
- Debian Linux 2.2 for ARM
- Debian Linux 2.2 for IA-32
- Debian Linux 2.2 for PowerPC
- Debian Linux 2.2 for SPARC
- FreeBSD 3.1
- FreeBSD 3.2
- FreeBSD 3.3
- FreeBSD 3.3 Release Candidate
- FreeBSD 3.4
- FreeBSD 3.5.1
- FreeBSD 3.5
- FreeBSD 4.0
- FreeBSD 4.1.1
- FreeBSD 4.1
- FreeBSD 5.0
- FreeBSD 5.0 Patch 11
- FreeBSD 5.0 Patch 13
- FreeBSD 5.0 Patch 14
- FreeBSD 5.0 Patch 16
- FreeBSD 5.0 Patch 17
- FreeBSD 5.0 Patch 18
- FreeBSD 5.0 Patch 19
- FreeBSD 5.0 Patch 1
- FreeBSD 5.0 Patch 20
- FreeBSD 5.0 Patch 21
- FreeBSD 5.0 Patch 22
- FreeBSD 5.0 Patch 2
- FreeBSD 5.0 Patch 3
- FreeBSD 5.0 Patch 4
- FreeBSD 5.0 Patch 5
- FreeBSD 5.0 Patch 6
- FreeBSD 5.0 Patch 7
- Red Hat Linux 6.1 on Alpha
- Red Hat Linux 6.1 on i386
- Red Hat Linux 6.1 on SPARC
- Red Hat Linux 7.0 on Alpha
- Red Hat Linux 7.0 on i386
- Red Hat Linux 7.1 on Alpha
- Red Hat Linux 7.1 on i386
- Red Hat Linux 7.2 on I386
- SuSE SuSE Linux 6.2
- SuSE SuSE Linux 6.3
- SuSE SuSE Linux 6.3 alpha
- SuSE SuSE Linux 7.0
- SuSE SuSE Linux 7.0 alpha
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2002-0062, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2002-0062 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.
References:
- http://webappsec.pbworks.com/Buffer-Overflow
- https://capec.mitre.org/data/definitions/10.html
- https://capec.mitre.org/data/definitions/100.html
- https://capec.mitre.org/data/definitions/14.html
- https://capec.mitre.org/data/definitions/24.html
- https://capec.mitre.org/data/definitions/42.html
- https://capec.mitre.org/data/definitions/44.html
- https://capec.mitre.org/data/definitions/45.html
- https://capec.mitre.org/data/definitions/46.html
- https://capec.mitre.org/data/definitions/47.html
- https://capec.mitre.org/data/definitions/67.html
- https://capec.mitre.org/data/definitions/8.html
- https://capec.mitre.org/data/definitions/9.html
- https://capec.mitre.org/data/definitions/92.html
- https://nvd.nist.gov/vuln/detail/CVE-2002-0062