Executive Summary
Summary | |
---|---|
Title | New ncurses packages available |
Informations | |||
---|---|---|---|
Name | DSA-113 | First vendor Publication | 2002-02-18 |
Vendor | Debian | Last vendor Modification | 2002-02-18 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several buffer overflows were fixed in the "ncurses" library in November 2000. Unfortunately, one was missed. This can lead to crashes when using ncurses applications in large windows. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0062 to this issue. This problem has been fixed for the stable release of Debian in version 5.0-6.0potato2. The testing and unstable releases contain ncurses 5.2, which is not affected by this problem. There are no known exploits for this problem, but we recommend that all users upgrade ncurses immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 2.2 alias potato |
Original Source
Url : http://www.debian.org/security/2002/dsa-113 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2008-01-17 | Name : Debian Security Advisory DSA 113-1 (ncurses) File : nvt/deb_113_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
5389 | ncurses Cursor/Scrolling Routine Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-113.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:26:02 |
|