Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 19 Apr 2023 19:23:59 +0200
From: Solar Designer <solar@...nwall.com>
To: "Jonathan Bar Or (JBO)" <jobaror@...rosoft.com>
Cc: Carlos L?pez <clopez@...e.de>, oss-security@...ts.openwall.com
Subject: Re: ncurses fixes upstream

On Wed, Apr 19, 2023 at 04:55:06PM +0000, Jonathan Bar Or (JBO) wrote:
> Yes, now that the cat is out of the bag there's no point - you can find some POCs here (not every find is covered by a POC, FYI):
> https://drive.google.com/drive/u/0/folders/1XZiHbH7W7is8cwTu7DKrpwBTYuYfRZqE
> 
> Note not all of them work on Linux - some are macOS focused too.

I'm attaching the 5 scripts from there to this message for archival,
as-is (text/plain) and in tar.gz (to avoid any mangling).  There's also
Ncurses.pdf, but it's too large for the mailing list because of embedded
screenshots.  SHA-256's of these all:

c3b981fad88f17cc201bfa7f4230a348e30b449238e3d3406852691770876eda  cost_oob_read.sh
526cde9fc78cb0712c0b725ecea316913f0302194702ebccdf1a1a146f32dac9  gen_terminfo.py
f787189535fa21a8924db2afc2ef6301a931805b43ef8ea13cdefab6aacb83d0  heap_overflow.sh
2049668efcf24f34ce200d6c2b96fefc389cf4092cfd6c99f5da66a3d46b9a5f  leak.sh
66b0706b0852a5b9e9644bea98edc0b0b84f5f7fec028fe2bf03964d46002594  type_confusion.sh

47b30bdd9fbf35cc900c3869e2303d0dabea44176fdfdfced97bd4ee329529c9  ncurses-exp.tar.gz

a8ba31a02b596f7a9f61f61cc7a98ed9aac2d358f49614d4f480bcfad3fd2a78  Ncurses.pdf

Alexander

View attachment "cost_oob_read.sh" of type "text/plain" (296 bytes)

View attachment "gen_terminfo.py" of type "text/plain" (1628 bytes)

View attachment "heap_overflow.sh" of type "text/plain" (4757 bytes)

View attachment "leak.sh" of type "text/plain" (451 bytes)

View attachment "type_confusion.sh" of type "text/plain" (262 bytes)

Download attachment "ncurses-exp.tar.gz" of type "application/x-gzip" (1475 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.