Showing 1 - 3 of 3

CVE-2008-4690

Status Candidate

Overview

lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.

Related Files

Gentoo Linux Security Advisory 200909-15: Posted Sep 15, 2009; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory GLSA 200909-15 - An incomplete fix for an issue related to the Lynx URL handler might allow for the remote execution of arbitrary commands. Clint Ruoho reported that the fix for CVE-2005-2929 (GLSA 200511-09) only disabled the lynxcgi:// handler when not using the advanced mode. Versions less than 2.8.6-r4 are affected.; tags | advisory, remote, arbitrary; systems | linux, gentoo; advisories | CVE-2005-2929, CVE-2008-4690; SHA-256 | 02bc04e4d8cec2c90bdae6e8c11d3a1946370660f56aa9c92e266e97300b5684; Download | Favorite | View

Mandriva Linux Security Advisory 2008-218: Posted Oct 28, 2008; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory - A vulnerability was found in the Lynxcgi: URI handler that could allow an attacker to create a web page redirecting to a malicious URL that would execute arbitrary code as the user running Lynx, if they were using the non-default Advanced user mode. This update corrects these issues and, in addition, makes Lynx always prompt the user before loading a lynxcgi: URI. As well, the default lynx.cfg configuration file marks all lynxcgi: URIs as untrusted.; tags | advisory, web, arbitrary; systems | linux, mandriva; advisories | CVE-2008-4690; SHA-256 | 985b8d2bc9b5db4c673208074097d3cf3a736514dfd033339dc951e94fff711f; Download | Favorite | View

Mandriva Linux Security Advisory 2008-217: Posted Oct 28, 2008; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory - A flaw was found in the way Lynx handled.mailcap and.mime.types configuration files. If these files were present in the current working directory, they would be loaded prior to similar files in the user's home directory. This could allow a local attacker to possibly execute arbitrary code as the user running Lynx, if they could convince the user to run Lynx in a directory under their control. A vulnerability was found in the Lynxcgi: URI handler that could allow an attacker to create a web page redirecting to a malicious URL that would execute arbitrary code as the user running Lynx, if they were using the non-default Advanced user mode. This update corrects these issues and, in addition, makes Lynx always prompt the user before loading a lynxcgi: URI. As well, the default lynx.cfg configuration file marks all lynxcgi: URIs as untrusted.; tags | advisory, web, arbitrary, local; systems | linux, mandriva; advisories | CVE-2006-7234, CVE-2008-4690; SHA-256 | 6e7e3bc6097f70cd80a0acb4394a11415cfa5fa3bb16fc1b29d35794b961993a; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 265 files
indoushka 169 files
Jay Turla 150 files
Ubuntu 77 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Gentoo 25 files
Karn Ganeshen 23 files

File Archives

Systems

AIX (430)
Apple (2,115)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,125)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,592)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,327)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,893)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,867)
UNIX (9,458)
UnixWare (188)
Windows (6,772)
Other

CVE-2008-4690

Overview

Related Files

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems