7.2 - DSA-113

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	New ncurses packages available

Informations
Name	DSA-113	First vendor Publication	2002-02-18
Vendor	Debian	Last vendor Modification	2002-02-18
Severity (Vendor)	N/A	Revision	1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	7.2	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Several buffer overflows were fixed in the "ncurses" library in November 2000. Unfortunately, one was missed. This can lead to crashes when using ncurses applications in large windows.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0062 to this issue.

This problem has been fixed for the stable release of Debian in version 5.0-6.0potato2. The testing and unstable releases contain ncurses 5.2, which is not affected by this problem.

There are no known exploits for this problem, but we recommend that all users upgrade ncurses immediately.

wget url will fetch the file for you dpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update will update the internal database apt-get upgrade will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 2.2 alias potato

Original Source

Url : http://www.debian.org/security/2002/dsa-113

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Application	Gnu Ncurses cpe:2.3:a:gnu:ncurses:::::::: cpe:2.3:a:gnu:ncurses:-:::::::*	2
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:2.2::arm::::: cpe:2.3:o:debian:debian_linux:2.2::ia-32::::: cpe:2.3:o:debian:debian_linux:2.2::68k::::: cpe:2.3:o:debian:debian_linux:2.2::sparc::::: cpe:2.3:o:debian:debian_linux:2.2::alpha::::: cpe:2.3:o:debian:debian_linux:2.2::powerpc:::::	6
Os	Freebsd cpe:2.3:o:freebsd:freebsd:5.0:-:::::: cpe:2.3:o:freebsd:freebsd:4.1.1:::::::* cpe:2.3:o:freebsd:freebsd:4.1:::::::* cpe:2.3:o:freebsd:freebsd:4.0:::::::* cpe:2.3:o:freebsd:freebsd:3.5.1:::::::* cpe:2.3:o:freebsd:freebsd:3.5:::::::* cpe:2.3:o:freebsd:freebsd:3.4:::::::* cpe:2.3:o:freebsd:freebsd:3.3:-:::::: cpe:2.3:o:freebsd:freebsd:3.2:::::::* cpe:2.3:o:freebsd:freebsd:3.1:::::::*	10
Os	Redhat Linux cpe:2.3:o:redhat:linux:7.2::i386::::: cpe:2.3:o:redhat:linux:7.1::i386::::: cpe:2.3:o:redhat:linux:7.1::alpha::::: cpe:2.3:o:redhat:linux:7.0::alpha::::: cpe:2.3:o:redhat:linux:7.0::i386::::: cpe:2.3:o:redhat:linux:6.1::i386::::: cpe:2.3:o:redhat:linux:6.1::alpha::::: cpe:2.3:o:redhat:linux:6.1::sparc:::::	8
Os	Suse Suse Linux cpe:2.3:o:suse:suse_linux:7.0:::::::* cpe:2.3:o:suse:suse_linux:6.3:::::::* cpe:2.3:o:suse:suse_linux:6.2:::::::*	3

OpenVAS Exploits

Date	Description
2008-01-17	Name : Debian Security Advisory DSA 113-1 (ncurses) File : nvt/deb_113_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
5389	ncurses Cursor/Scrolling Routine Overflow

Nessus® Vulnerability Scanner

Date	Description
2004-09-29	Name : The remote Debian host is missing a security-related update. File : debian_DSA-113.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:26:02	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	29
osvdb(s)	1
Openvas Exploit(s)	1
Nessus® Exploit(s)	1

	Related
7.2	CVE-2002-0062
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)