Uncursing the ncurses: Memory corruption vulnerabilities found in library | allinfosecnews.com

Sept. 14, 2023, 12:15 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Microsoft has discovered a set of memory corruption vulnerabilities in a library called ncurses, which provides APIs that support text-based user interfaces (TUI). Released in 1993, the ncurses library is commonly used by various programs on Portable Operating System Interface (POSIX) operating systems, including Linux, macOS, and FreeBSD. Using environment variable poisoning, attackers could chain these vulnerabilities to elevate privileges and run code in the targeted program’s context or perform other malicious actions.

One of the most common vulnerabilities …

apis called corruption environment environment variable found freebsd interface library linux macos memory memory corruption microsoft operating system operating systems portable posix support system systems text variable vulnerabilities

More from malware.news / Malware Analysis, News and Indicators - Latest topics

New Redline Version: Uses Lua Bytecode, Propagates Through GitHub 12 hours ago | malware.news

bytecode code detect found +12

Cybersecurity firm Darktrace sold to Thoma Bravo for $5.3 billion 1 day ago | malware.news

acquisition article cybersecurity darktrace +5

Arctic Wolf Recognized as a Leader in Frost & Sullivan Managed Detection and Response Report 1 day, 1 hour ago | malware.news

amp and response april arctic +20

CVE-2024-29204, CVE-2024-24996: Critical Vulnerabilities in Ivanti Avalanche 1 day, 1 hour ago | malware.news

april avalanche components critical +19

Showcasing Artwork by Max for Autism Awareness Month 1 day, 1 hour ago | malware.news

art article artwork autism +6

TikTok, Flowmon, Cisco, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland - SWN #381 1 day, 2 hours ago | malware.news

article cisco deepfakes flowmon +6

Kaiser Permanente notifies 13.4M patients of potential data exposure 1 day, 2 hours ago | malware.news

apps article data data exposure +16

Impact of organizational structure on ransomware outcomes: Where does your org fit in? 1 day, 2 hours ago | malware.news

article challenges core security detection +15

VA is warning veterans about Change Healthcare cyberattack, secretary says 1 day, 3 hours ago | malware.news

alerting article attack change +14

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Senior Security Researcher, SIEM

@ Huntress | Remote Canada

View on infosec-jobs.com

Senior Application Security Engineer

@ Revinate | San Francisco Bay Area

View on infosec-jobs.com

Cyber Security Manager

@ American Express Global Business Travel | United States - New York - Virtual Location

View on infosec-jobs.com

Incident Responder Intern

@ Bentley Systems | Remote, PA, US

View on infosec-jobs.com

SC2024-003533 Senior Online Vulnerability Assessment Analyst (CTS) - THU 9 May

@ EMW, Inc. | Mons, Wallonia, Belgium

View on infosec-jobs.com