Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200909-15
HistorySep 12, 2009 - 12:00 a.m.

Lynx: Arbitrary command execution

2009-09-1200:00:00
Gentoo Foundation
security.gentoo.org
16

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

88.2%

JSON

Background

Lynx is a fully-featured WWW client for users running cursor-addressable, character-cell display devices such as vt100 terminals and terminal emulators.

Description

Clint Ruoho reported that the fix for CVE-2005-2929 (GLSA 200511-09) only disabled the lynxcgi:// handler when not using the advanced mode.

Impact

A remote attacker can entice a user to access a malicious HTTP server, causing Lynx to execute arbitrary commands. NOTE: The advanced mode is not enabled by default. Successful exploitation requires the “lynxcgi://” protocol to be registered with lynx on the victim’s system.

Workaround

There is no known workaround at this time.

Resolution

All Lynx users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-client/lynx-2.8.6-r4"
OSVersionArchitecturePackageVersionFilename
Gentooanyallwww-client/lynx< 2.8.6-r4UNKNOWN

Related

cve 2
openvas 27
prion 1
ubuntucve 2
cvelist 2
debiancve 2
nessus 17
nvd 2
fedora 3
securityvulns 3
redhat 2
gentoo 1
centos 4
oraclelinux 1
cve
cve
CVE-2008-4690
2008-10-22 18:00:01
CVE-2005-2929
2005-11-18 11:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200909-15 (lynx)
2009-09-15 00:00:00
Gentoo Security Advisory GLSA 200909-15 (lynx)
2009-09-15 00:00:00
Fedora Update for lynx FEDORA-2008-9597
2009-02-17 00:00:00
prion
prion
Sql injection
2008-10-22 18:00:00
ubuntucve
ubuntucve
CVE-2008-4690
2008-10-22 00:00:00
CVE-2005-2929
2005-11-18 00:00:00
cvelist
cvelist
CVE-2008-4690
2008-10-22 17:00:00
CVE-2005-2929
2005-11-18 11:00:00
debiancve
debiancve
CVE-2008-4690
2008-10-22 18:00:01
CVE-2005-2929
2005-11-18 11:00:00
nessus
nessus
GLSA-200909-15 : Lynx: Arbitrary command execution
2009-09-14 00:00:00
Mandriva Linux Security Advisory : lynx (MDVSA-2008:218)
2009-04-23 00:00:00
openSUSE Security Update : lynx (lynx-275)
2009-07-21 00:00:00
nvd
nvd
CVE-2008-4690
2008-10-22 18:00:01
CVE-2005-2929
2005-11-18 06:03:00
fedora
fedora
[SECURITY] Fedora 10 Update: lynx-2.8.6-18.fc10
2008-12-03 01:19:13
[SECURITY] Fedora 8 Update: lynx-2.8.6-12.fc8
2008-12-03 01:25:01
[SECURITY] Fedora 9 Update: lynx-2.8.6-17.fc9
2008-12-03 01:19:24
securityvulns
securityvulns
[ MDVSA-2008:218 ] lynx
2008-10-29 00:00:00
lynx code execution
2008-10-29 00:00:00
[Full-disclosure] iDefense Security Advisory 11.11.05: Multiple Vendor Lynx Command Injection Vulnerability
2005-11-11 00:00:00
redhat
redhat
(RHSA-2005:839) lynx security update
2005-11-11 00:00:00
(RHSA-2008:0965) Important: lynx security update
2008-10-27 00:00:00
gentoo
gentoo
Lynx: Arbitrary command execution
2005-11-13 00:00:00
centos
centos
lynx security update
2005-11-13 22:59:14
lynx security update
2005-11-12 01:33:47
security update
2008-10-28 22:46:30
oraclelinux
oraclelinux
lynx security update
2008-10-27 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.018 Low

EPSS

Percentile

88.2%

JSON
Related for GLSA-200909-15
cve2openvas27prion1ubuntucve2cvelist2debiancve2nessus17nvd2fedora3securityvulns3redhat2gentoo1centos4oraclelinux1