Debian Bug report logs - #43141
Buffer overflow in libtermcap

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Martin Schulze <joey@finlandia.Infodrom.North.DE>

To: submit@bugs.debian.org

Subject: Buffer overflow in libtermcap

Date: Wed, 18 Aug 1999 00:23:12 +0200

Package: termcap-compat
Version: 1.1.1.1

A buffer overflow has been found that can lead into a root exploit.
Since Debiani has abandoned termcap in favour of terminfo Debian
itself is not vulnerable but if users have compiled or use third
source programs running as root and being linked against this lib
they're exploitable.

The proper patch will follow as soon as it's done and I have the
bug number.

Regards,

	Joey

-- 
Those who don't understand Unix are condemned to reinvent it, poorly.

Please always Cc to me when replying to me on the lists.

Message #10 received at 43141@bugs.debian.org (full text, mbox, reply):

From: Martin Schulze <joey@finlandia.Infodrom.North.DE>

To: 43141@bugs.debian.org

Subject: Patch

Date: Wed, 18 Aug 1999 02:03:48 +0200

Here's the patch for the NMU I've done tonight.  I haven't waited
for a reply from Christian since he has proven not to be very
responsive.  I hope I didn't step on his toes, but the fix should
be out quickly.

diff -u -Nur --exclude CVS orig/termcap-compat-1.1.1.1/debian/changelog termcap-compat-1.1.1.1.1/debian/changelog
--- orig/termcap-compat-1.1.1.1/debian/changelog	Thu Jul 16 03:50:44 1998
+++ termcap-compat-1.1.1.1.1/debian/changelog	Wed Aug 18 01:00:31 1999
@@ -1,3 +1,11 @@
+termcap-compat (1.1.1.1.1) unstable; urgency=high
+
+  * Non-maintainer by Security Team
+  * Applied patch to fix buffer overflow.  Patch by Kevin Vajk
+    <kvajk@ricochet.net> (fixes: Bug#43141)
+
+ -- Martin Schulze <joey@finlandia.infodrom.north.de>  Wed, 18 Aug 1999 00:25:59 +0200
+
 termcap-compat (1.1.1.1) frozen unstable; urgency=high
 
   * Non-maintainer release.
diff -u -Nur --exclude CVS orig/termcap-compat-1.1.1.1/termcap.c termcap-compat-1.1.1.1.1/termcap.c
--- orig/termcap-compat-1.1.1.1/termcap.c	Thu Jul 16 03:48:20 1998
+++ termcap-compat-1.1.1.1.1/termcap.c	Tue Aug 17 21:03:14 1999
@@ -471,6 +471,10 @@
   for(bp = s; *bp; bp++) {
 	*sp++ = *bp;
 	count++;
+	if (count >= maxlen-1) {
+		write(2, "tgetent: warning: termcap entry too long\n", 41);
+		break;
+	}
   }
   *sp++ = ':';
   count++;

Regards,

	Joey

-- 
Those who don't understand Unix are condemned to reinvent it, poorly.

Please always Cc to me when replying to me on the lists.

Message #17 received at 43141-close@bugs.debian.org (full text, mbox, reply):

From: Christian Hudon <chrish@debian.org>

To: 43141-close@bugs.debian.org

Subject: Bug#43141: fixed in termcap-compat 1.1.2

Date: 27 Oct 1999 19:01:49 -0000

We believe that the bug you reported is fixed in the latest version of
termcap-compat, which has been installed in the Debian FTP archive:
termcap-compat_1.1.2.tar.gz
  to dists/proposed-updates/termcap-compat_1.1.2.tar.gz
termcap-compat_1.1.2.tar.gz
  to dists/potato/main/source/oldlibs/termcap-compat_1.1.2.tar.gz
  replacing termcap-compat_1.1.1.1.1.tar.gz
termcap-compat_1.1.2.dsc
  to dists/proposed-updates/termcap-compat_1.1.2.dsc
termcap-compat_1.1.2.dsc
  to dists/potato/main/source/oldlibs/termcap-compat_1.1.2.dsc
  replacing termcap-compat_1.1.1.1.1.dsc
termcap-compat_1.1.2_i386.deb
  to dists/proposed-updates/termcap-compat_1.1.2_i386.deb
termcap-compat_1.1.2_i386.deb
  to dists/potato/main/binary-i386/oldlibs/termcap-compat_1.1.2.deb
  replacing termcap-compat_1.1.1.1.1.deb

Note that this package is not part of the released stable Debian
distribution.  It may have dependencies on other unreleased software,
or other instabilities.  Please take care if you wish to install it.
The update will eventually make its way into the next released Debian
distribution.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 43141@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Hudon <chrish@debian.org> (supplier of updated termcap-compat package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----

Format: 1.6
Date: Tue, 26 Oct 1999 23:02:23 -0400
Source: termcap-compat
Binary: termcap-compat
Architecture: source i386
Version: 1.1.2
Distribution: stable unstable
Urgency: high
Maintainer: Christian Hudon <chrish@debian.org>
Description: 
 termcap-compat - Compatibility package for old termcap-based programs.
Closes: 18972 24200 24785 43141 45363
Changes: 
 termcap-compat (1.1.2) stable unstable; urgency=HIGH
 .
   * Corrected typo in description. (Closes: #18972)
   * Fixed two buffer overflows. (Closes: #24200, #43141)
   * Removed hardcoded reference to i486. (Closes: #24785)
   * Added check to debian/rules to make sure that package
     is compiled with altgcc. (Closes: #45363)
   * Moved from section misc to oldlibs.
Files: 
 b39e30575596ddd81723c786e092b61f 618 oldlibs extra termcap-compat_1.1.2.dsc
 06d7a9b9888b64004ce79d2abc29c00f 321833 oldlibs extra termcap-compat_1.1.2.tar.gz
 be787f16a2f9ce3ba895a32b7e2cb65c 192714 oldlibs extra termcap-compat_1.1.2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iQCVAwUBOBZruY4/+LDuJkz5AQGsLgP9Gx9W/FTf9w4KtHPWxVlpQyw43d9IKA8a
mmiMuT+k8BTYK3rmLqjLbLQOk2cfjj0wVCf1WR1vgRknpigmEITO1tfUhqO9vmUl
/6YjJjZLHt5q5a3KJQ6hKgicryWkZ/HQS1sNHL7OVMJD38e+K6CG2u1MxEJlvwu3
cyGNz/4z/AI=
=GuHK
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.