Notified: August 06, 2001 Updated: August 27, 2001
Not Affected
This is not an issue for HP.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 13, 2001 Updated: August 06, 2001
Affected
Yes, the other two binaries also must be remade with the new library. We neglected to do that, and we are in the process of creating them.
The vendor has not provided us with any further information regarding this vulnerability.
There are additional files (auditsh and termsh) that still need to be remade with the new library. The above vendor statement reflects the need to relink all current applications with the new library. Until these are release, a workaround would be to set permissions on the two files. All programs that use the curses library must be re-linked with this new library to take advantage of the fix. SCO OpenServer and UnixWare 7 ship with the curses library. Download and install the new files for your system as specified in the Caldera Advisory (CSSA-2001-SCO.1).
Notified: August 06, 2001 Updated: August 08, 2001
Affected
IRIX 6.5 and above is not vulnerable to the libcurses buffer overflow. It was fixed as part of bug 530675.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 31, 2001 Updated: August 09, 2001
Affected
We fixed this buffer overflow via bugID: 4313067 security: libcurses:setupterm has buffer overflow The above bugID was patched for all affected releases: 110458-01 SunOS 5.8: libcurses patch 110459-01 SunOS 5.8_x86: libcurses patch 110070-01 SunOS 5.7: security: libcurses:setupterm has buffer overflow 110071-01 SunOS 5.7_x86: security: libcurses:setupterm has buffer overflow 105405-03 SunOS 5.6: libcurses.a & libcurses.so.1 patch 105406-03 SunOS 5.6_x86: libcurses.a & libcurses.so.1 patch 104637-04 SunOS 5.5.1: /usr/ccs/lib/libcurses.a patch 104638-04 SunOS 5.5.1_x86: /usr/ccs/lib/libcurses.a patch 110339-01 SunOS 5.5: libcurses:setupterm has buffer overflow 110341-01 SunOS 5.5_x86: libcurses:setupterm has buffer overflow 110051-01 SunOS 5.4: Patch for libcurses 110052-01 SunOS 5.4_x86: Patch for libcurses 101325-05 SunOS 5.3: jumbo fmli patch, libcurses.a
The vendor has not provided us with any further information regarding this vulnerability.
Sun Microsystems: Versions of SunOS earlier than 5.8 are vulnerable. This vulnerability has been addressed as BugID 4313067. Download and install the new files for your system from Sun.