what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New


Posted Sep 23, 1999


SHA-256 | a6529b83f3db11be920f8d4110d64a72d032786614de8a77ed2f03af6af66cf5


Change Mirror Download

Subject: Caldera Security Advisory SA-1997.12: Vulnerabilities in Lynx

Caldera Security Advisory SA-1997.12

Original report date: 15-Jul-1997
RPM build date: 29-Jul-1997
Original issue date: 06-Aug-1997

Topic: Vulnerabilities in Lynx

Note: two vulnerabilities are addressed in this advisory.

I. Problem Description

Problem 1:
Lynx typically stores persistent temporary files in /tmp on Un*x
systems. The filenames Lynx chooses can be predicted, and another
user on the system may be able to exploit a race condition to replace
the temporary file with a symbolic link or with another file.

Installed versions of Lynx where a directory writable by other users
(such as /tmp on a machine to which multiple users have access) is used
to store files during download are vulnerable. This vulnerability can
only be exploited by a user with access to an account on the machine
running Lynx.

Problem 2:
Lynx, on Un*x systems, may be coerced to read or execute arbitrary
files on the local system regardless of restrictions set by the
system administrator.

Installed versions of Lynx up to and including version 2.7.1 on Unix
or Unix-like operating systems are vulnerable.

II. Impact

Problem 1:
A malicious user with access to the same machine as other Lynx users
may be able to cause another user's Lynx process to overwrite another
file. It may also be possible to replace the contents of a downloaded
file with a file other than the one the user downloaded, or to cause
the user to print a file other than the one selected for printing.

Problem 2:
A. Captive Lynx installations

Users of Lynx in a captive situation (where the Lynx user does not
normally have access to a shell prompt, or to a menu system that allows
the user to run arbitrary commands) can get access to a shell prompt.
This includes public Lynxes as well as any setup where the user
is restricted as to which programs can be run.

B. All Lynx installations

This vulnerability could also conceivably allow malicious
webmasters to add these carefully crafted URLs to their pages to
cause unsuspecting Lynx users (in captive accounts or otherwise)
to execute arbitrary commands.

This vulnerability can be exploited by anyone who can provide
Lynx a carefully crafted URL.

This problem was present on the following OpenLinux releases:
CND 1.0
Base 1.0
Lite 1.1
Base 1.1
Standard 1.1
To determine if you are effected and need this update you may do
the following:
rpm -q lynx
If the results show a release earlier than lynx-2.7.1-4, you
should upgrade.

III. Solution

Install the new lynx-2.7.1-4.i386.rpm package that contains
the fixed version of lynx. It is located on Caldera's
FTP server (ftp.caldera.com):


Source files are also available at:


The MD5 checksums (from the "md5sum" command) for these
packages are:

f01a6209a99573216e810f7f507e296b lynx-2.7.1-4.i386.rpm
6e3a1293679518d2e127399c9ea3f6ee lynx-2.7.1-4.src.rpm

Install the new version of lynx in the following manner:

rpm -e lynx
rpm -i lynx-2.7.1-4.i386.rpm

CND will need to upgrade to a newer version of the RPM tool to
install this package. See:


IV. References / Credits

This and other Caldera security resources are located at:


CERT Vendor-Initiated Bulletin VB-97.05 - Vul in Lynx Temporary Files
CERT Vendor-Initiated Bulletin VB-97.06 - Vul in Lynx Downloading

The LYNX-DEV mailing list (with further information about this
vulnerability) is archived at:


Lynx security information is available at:

General information about Lynx is available at:

This advisory closes Caldera's internal bug reports #702 and #849.

V. PGP Signature

This message was signed with the PGP key for <security@caldera.com>.

This key can be obtained from:

Or on an OpenLinux CDROM under:

$Id: SA-1997.12,v 1.1 1997/08/06 20:13:54 ron Exp ron $

Version: 2.6.3a
Charset: noconv

Login or Register to add favorites

File Archive:

March 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    13 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    31 Files
  • 8
    Mar 8th
    16 Files
  • 9
    Mar 9th
    13 Files
  • 10
    Mar 10th
    9 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    10 Files
  • 14
    Mar 14th
    6 Files
  • 15
    Mar 15th
    17 Files
  • 16
    Mar 16th
    22 Files
  • 17
    Mar 17th
    13 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    16 Files
  • 21
    Mar 21st
    13 Files
  • 22
    Mar 22nd
    5 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By