Critical Ncurses Library Flaw Exposed by Microsoft

Wajahat Raja

September 26, 2023 - TuxCare expert team

Microsoft’s security researchers have discovered a number of critical memory security vulnerabilities in the ncurses library. Ncurses is short for “new curses.” This open-source library is critical for implementing text-based user interfaces in POSIX-compliant operating systems such as Linux and macOS. Let’s take a deeper look at the ncurses library flaw.

Ncurses Library Risk Assessment


Microsoft Threat Intelligence researchers Jonathan Bar Or, Emanuele Cozzi, and Michael Pearse detailed their findings in a technical ncurses vulnerability report. The report, written in the context of the ncurses security update, illustrates the exploitability of these vulnerabilities via a method known as “environment variable poisoning.” By manipulating environment variables, attackers could chain these vulnerabilities together, resulting in privilege escalation and unauthorized code execution within the context of a targeted program.


CVE-2023-29491: The Critical Identifier


These vulnerabilities, together known as CVE-2023-29491, have a high CVSS (Common Vulnerability Scoring System) score of 7.8. It is crucial to note, however, that these vulnerabilities were addressed and fixed as of April 2023 to mitigate the security implications of the ncurses flaw.

Microsoft collaborated extensively with Apple to address macOS-specific concerns related to these vulnerabilities. Environment variables are user-defined values that affect how programs behave on a Linux system. When these variables are changed, they can force applications to perform actions that are normally forbidden.


Terminfo: Ncurses Library Best Practices


Using code auditing and fuzzing, Microsoft found that the ncurses library interacts with various environment variables, including TERMINFO. These variables, when paired with the identified weaknesses, could be exploited to achieve privilege escalation. Notably, the TERMINFO variable is linked to a database that allows programs to communicate with display terminals regardless of device.

A stack information leak, parameterized string type confusion, an off-by-one error, heap overflow during terminfo database file processing, and a denial-of-service vulnerability related to canceled strings are among the flaws uncovered. While these open-source library vulnerabilities are certainly dangerous, exploiting them usually necessitates a multi-stage attack. To achieve their goals, attackers may need to chain the stack information leak with a heap overflow.


Microsoft’s Response To The Ncurses Library Flaw


Microsoft acted responsibly in disclosing this Linux terminal vulnerability to ncurses maintainer Thomas Dickey and to Apple. As a result, fixes were quickly deployed in ncurses commit 20230408, and Apple resolved the macOS-specific bugs. Users are urgently advised to update their ncurses installations as soon as possible to keep terminal applications secure.
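As an added example (not code from this article, Microsoft, or the ncurses project), the POSIX shell functions below compare the patch date in a version banner of the form printed by `tic -V` against the 20230408 fix named above, and flag terminfo override variables in an environment listing. The sample banners and environment lines are constructed, the function names are hypothetical, and TERMINFO_DIRS is a second ncurses variable that the article does not name.

```shell
#!/bin/sh
# Added example: patch-level and environment check for the ncurses fix.
FIXED_PATCH=20230408   # patch date of the fix named in the article

# Print the YYYYMMDD patch date from a banner such as "ncurses 6.4.20230408";
# return 1 when the string carries no upstream patch date.
ncurses_patch_date() {
    v=${1#ncurses }     # drop the "ncurses " prefix if present
    d=${v##*.}          # text after the last dot
    case $d in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) printf '%s\n' "$d" ;;
        *) return 1 ;;
    esac
}

# Classify a banner as fixed, predates-fix, or unknown.
# "predates-fix" refers to the upstream patch date only: a distro build may
# carry a backported fix under an older date, so confirm with the distro
# advisory. "unknown" covers strings with no upstream patch date at all.
classify_ncurses() {
    d=$(ncurses_patch_date "$1") || { echo unknown; return 0; }
    if [ "$d" -ge "$FIXED_PATCH" ]; then echo fixed; else echo predates-fix; fi
}

# Read NAME=value lines on stdin and print the terminfo override variables set.
terminfo_overrides() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            TERMINFO=*|TERMINFO_DIRS=*) printf '%s\n' "${line%%=*}" ;;
        esac
    done
}

# Constructed sample input (not captured from a real host).
for banner in 'ncurses 6.4.20230408' 'ncurses 6.4.20221231' '6.4+20230625-2'; do
    printf '%-24s %s\n' "$banner" "$(classify_ncurses "$banner")"
done
printf 'PATH=/usr/bin\nTERMINFO=/tmp/ti\nTERM=xterm\n' | terminfo_overrides
```

On a live Linux host, pass the output of `tic -V` to `classify_ncurses`, and pipe `tr '\0' '\n' < /proc/PID/environ` for a privileged process into `terminfo_overrides`.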

 

Microsoft is still committed to improving security in Linux and macOS systems, thanks to its powerful vulnerability management and endpoint detection capabilities. In an era of increasing threats across several platforms, Microsoft is working on the ncurses bug fix for all users, regardless of the operating system.


Conclusion


Finally, the discovery of the bugs behind these serious vulnerabilities in the ncurses library highlights the need for protecting against ncurses exploits. This finding also highlights the need for terminal emulator security research and coordinated vulnerability disclosure. These joint activities are critical for guaranteeing the overall security of various operating systems. Users must be cautious and maintain Linux command-line security in order to mitigate the potential hazards connected with these vulnerabilities.

Know more about how LibCare from TuxCare can help automate live patching for shared libraries.

The sources for this piece include articles in The Hacker News and Cyber Kendra.
