Microsoft Uncovered Critical Flaws in Ncurses Library Impacting Linux and macOS

Microsoft researchers have recently discovered a series of critical memory corruption vulnerabilities in ncurses, an open-source library that enables text-based user interfaces in Linux, macOS, and other POSIX-compliant operating systems. 

These vulnerabilities, collectively now tracked as CVE-2023-29491 with a severity rating of 7.8 on the CVSS scale, could enable attackers to bypass security protections and execute arbitrary code on vulnerable systems.

Memory corruption vulnerabilities, among the most common vulnerabilities found in modern software, can allow attackers to gain unauthorized access to systems and data by modifying a program’s memory.

"The impact of memory corruption vulnerabilities can range from leaking sensitive information and performing a simple denial-of-service (DoS) to elevating privileges and executing arbitrary code," Microsoft wrote.

Ncurses is commonly leveraged by various programs including the 'top' administrative utility in macOS that runs with elevated privileges. 

By exploiting the newly found vulnerabilities in ncurses, malicious actors could potentially seize control of such setuid programs and misuse their high-level system access to view sensitive data, modify files, or install malware.

Given how commonly ncurses is used, the implications of these flaws are quite troubling. The vulnerabilities exist in the core logic that parses "terminfo" files, which contain information about terminal capabilities. By chaining different flaws together, an attacker who successfully exploits them can leak sensitive data from memory and crash programs.

The specific vulnerabilities found include a stack information leak, parameterized type confusion bugs, an off-by-one error in cost calculation, a heap overflow when parsing terminfo databases, and a denial of service issue with mishandled canceled strings.

Chaining some of these weaknesses together could potentially allow an attacker to take over a program's execution flow and run arbitrary code.

Microsoft responsibly disclosed these vulnerabilities to the ncurses maintainer Thomas Dickey and Apple. Fixes have now been deployed in ncurses commit 20230408. Apple has also addressed the macOS-specific issues. Users are strongly advised to update ncurses on their systems immediately.
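
One way to check a host against the fixed patch level named above. This is an added example, not code from Microsoft or the ncurses project. It assumes the version string has the form `ncurses MAJOR.MINOR.PATCHDATE`, as printed by `tic -V` and `infocmp -V`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare an ncurses version string with the patch date
# the article gives for the fix (20230408).
FIXED_PATCH=20230408

# Print the 8-digit patch date from e.g. "ncurses 6.4.20221231";
# print nothing when the string carries no patch date.
ncurses_patch_of() {
    printf '%s\n' "$1" |
        sed -n 's/^.*[0-9]\{1,\}\.[0-9]\{1,\}\.\([0-9]\{8\}\).*$/\1/p'
}

# Classify a version string:
#   fixed-upstream  patch date is 20230408 or later
#   needs-review    older patch date; distribution or vendor packages may
#                   carry a backported fix, so confirm against the advisory
#   unknown         no patch date could be parsed
ncurses_status() {
    patch=$(ncurses_patch_of "$1")
    if [ -z "$patch" ]; then
        echo unknown
    elif [ "$patch" -ge "$FIXED_PATCH" ]; then
        echo fixed-upstream
    else
        echo needs-review
    fi
}

# Live check of the local terminfo tools, when they are installed.
# This reports the ncurses those tools were built against, not copies
# that other programs link statically or bundle.
for tool in tic infocmp; do
    if command -v "$tool" >/dev/null 2>&1; then
        v=$("$tool" -V 2>/dev/null || true)
        printf '%s: %s -> %s\n' "$tool" "${v:-no output}" "$(ncurses_status "$v")"
    fi
done
```

A `needs-review` result is a prompt to look up the package's changelog or vendor advisory for CVE-2023-29491, since the upstream patch date alone does not show backported fixes.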

The discovery highlights the importance of cross-platform security research and coordinated vulnerability disclosure. 

Microsoft has robust vulnerability management and endpoint detection capabilities for both Linux and macOS, allowing quick discovery and remediation of such issues. With threats continuing to grow across platforms, Microsoft aims to continuously improve security for all users regardless of their operating system.
