what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

usn-206-1.txt

usn-206-1.txt
Posted Oct 18, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-206-1 - Ulf Harnhammar discovered a remote vulnerability in Lynx when connecting to a news server (NNTP). The function that added missing escape chararacters to article headers did not check the size of the target buffer. Specially crafted news entries could trigger a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user running lynx. In order to exploit this, the user is not even required to actively visit a news site with Lynx since a malicious HTML page could automatically redirect to an nntp:// URL with malicious news items.

tags | advisory, remote, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2005-3120
SHA-256 | 4b6361b06b6efcaf52522e3904afc75117232a9f7bf5c7fb14936353de5f181d

usn-206-1.txt

Change Mirror Download
===========================================================
Ubuntu Security Notice USN-206-1 October 17, 2005
lynx vulnerability
CAN-2005-3120
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

lynx

The problem can be corrected by upgrading the affected package to
version 2.8.5-1ubuntu1.1 (for Ubuntu 4.10), 2.8.5-2ubuntu0.5.04 (for
Ubuntu 5.04), or 2.8.5-2ubuntu0.5.10 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Ulf Harnhammar discovered a remote vulnerability in Lynx when
connecting to a news server (NNTP). The function that added missing
escape chararacters to article headers did not check the size of the
target buffer. Specially crafted news entries could trigger a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the user running lynx. In order to exploit this, the
user is not even required to actively visit a news site with Lynx
since a malicious HTML page could automatically redirect to an nntp://
URL with malicious news items.


Updated packages for Ubuntu 4.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-1ubuntu1.1.diff.gz
Size/MD5: 17668 c5251ad9cead60e416cf21a461371877
http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-1ubuntu1.1.dsc
Size/MD5: 620 4b4310912f7f76fe01cf8312707be244
http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5.orig.tar.gz
Size/MD5: 2984352 5f516a10596bd52c677f9bfd9579bc28

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-1ubuntu1.1_amd64.deb
Size/MD5: 1882872 8be361fa3eead1e76cbbf2426c255c8b

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-1ubuntu1.1_i386.deb
Size/MD5: 1833368 d481856973186dd5d432e1102c49a917

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-1ubuntu1.1_powerpc.deb
Size/MD5: 1878484 1496a6331a4666295bd89703e509037a

Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.04.diff.gz
Size/MD5: 18015 6171994c6c8f67d84267aa69d00ba292
http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.04.dsc
Size/MD5: 626 08ff9f5a955222f051e4e78101ef7c40
http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5.orig.tar.gz
Size/MD5: 2984352 5f516a10596bd52c677f9bfd9579bc28

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.04_amd64.deb
Size/MD5: 1881886 74bc70c3731c903e69fd74eb0a6d2d68

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.04_i386.deb
Size/MD5: 1832038 f2e333289856566f93f19ca8fd0c5dfd

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.04_powerpc.deb
Size/MD5: 1878380 6440d4eae5fadef31aaf21c5396ef401

Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.10.diff.gz
Size/MD5: 18015 0f7b6e508094dabd59bee9018b368523
http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.10.dsc
Size/MD5: 626 2a90195b05000a7f318eb04386d1ad1c
http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5.orig.tar.gz
Size/MD5: 2984352 5f516a10596bd52c677f9bfd9579bc28

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.10_amd64.deb
Size/MD5: 1901120 c2e0da03f20b892aaea81d0f0588f7b1

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.10_i386.deb
Size/MD5: 1833214 7c021c0b0667d3aedc8479579d52e5ad

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.10_powerpc.deb
Size/MD5: 1881080 5ef72d193817f616e99f01113f6053dd
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close