Microsoft has recently discovered vulnerabilities in the ncurses library, a widely used library for handling text-based user interfaces in Unix-like operating systems. These vulnerabilities could potentially be exploited by attackers to carry out malicious actions.
During its research, Microsoft found that the ncurses library searches for several environment variables during initialization, including TERMINFO. TERMINFO is an environment variable used for terminal databases. It was found that TERMINFO can be manipulated to point to an arbitrary directory, potentially allowing attackers to exploit vulnerabilities in ncurses. Another environment variable used by ncurses, HOME, can also be poisoned using similar techniques.
According to Microsoft, manipulating environment variables is a well-known technique used by attackers to cause programs to behave in a way that benefits their malicious purposes. This technique is commonly referred to as “poisoning.”
The vulnerabilities in the ncurses library were discovered by Microsoft through code auditing and fuzzing. The research was further advanced with the help of Gergely Kalman, who contributed to the research privately on Twitter and provided several use cases.
While the auditing was performed on the latest version of ncurses (version 6.4), Microsoft noted that earlier versions of the library may also be affected by some or all of these vulnerabilities. It is worth mentioning that the ncurses version on macOS was 5.7, but Apple has maintained several security-related patches for it. However, Microsoft’s findings are applicable to all versions of ncurses, affecting both Linux and macOS.
To mitigate the risks associated with these vulnerabilities, Microsoft has recommended using Microsoft Defender, its security solution, to detect and protect against potential abuse of TERMINFO databases on both Linux and macOS.
These vulnerabilities in the ncurses library highlight the importance of regularly auditing and updating software libraries to ensure that potential vulnerabilities are addressed. By actively researching and disclosing these vulnerabilities, Microsoft is providing valuable information to the open-source community and helping improve the security of widely used software libraries.
Users of ncurses and developers who rely on the library should take the necessary measures to protect themselves from potential exploitation. This includes updating to the latest version of ncurses, applying any available patches, and leveraging security solutions like Microsoft Defender to detect and prevent abuse of vulnerable components.
By proactively addressing these vulnerabilities, Microsoft is demonstrating its commitment to enhancing the security of popular open-source software and protecting users from potential threats. The collaborative effort between Microsoft and Gergely Kalman also highlights the importance of community involvement in detecting and addressing security issues in open-source projects.