19 matches found
Oracle: Security Advisory (ELSA-2008-0965)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 5 : lynx (ELSA-2008-0965)
The remote Oracle Linux 5 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2008-0965 advisory. - add patch for CVE-2008-4690 rhbz468184 - prompt user before executing commands from the lynxcgi: handler, even in the advanced user mode - mark all...
Scientific Linux Security Update : lynx on SL3.x, SL4.x, SL5.x i386/x86_64
An arbitrary command execution flaw was found in the Lynx 'lynxcgi:' URI handler. An attacker could create a web page redirecting to a malicious URL that could execute arbitrary code as the user running Lynx in the non-default 'Advanced' user mode. CVE-2008-4690 Note: In these updated lynx...
Gentoo Security Advisory GLSA 200909-15 (lynx)
The remote host is missing updates announced in advisory GLSA 200909-15. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
openSUSE Security Update : lynx (lynx-275)
This update of lynx fixes a security bug that can be exploited by remote attackers to execute arbitrary commands when advanced mode is enabled and lynx is used as URL handler CVE-2008-4690 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
Fedora 10 : lynx-2.8.6-18.fc10 (2008-9952)
Fri Nov 7 2008 Jiri Moskovcak - 2.8.6-18 - Fixed CVE-2008-4690 lynx: remote arbitrary command execution. via a crafted lynxcgi: URL thoger Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
Mandriva Linux Security Advisory : lynx (MDVSA-2008:218)
A vulnerability was found in the Lynxcgi: URI handler that could allow an attacker to create a web page redirecting to a malicious URL that would execute arbitrary code as the user running Lynx, if they were using the non-default Advanced user mode CVE-2008-4690. This update corrects these issues...
Mandriva Update for lynx MDVSA-2008:218 (lynx)
Check for the Version of lynx OpenVAS Vulnerability Test Mandriva Update for lynx MDVSA-2008:218 lynx Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
CentOS Update for lynx CESA-2008:0965 centos3 x86_64
Check for the Version of lynx OpenVAS Vulnerability Test CentOS Update for lynx CESA-2008:0965 centos3 x8664 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...
CentOS Update for lynx CESA-2008:0965 centos3 i386
Check for the Version of lynx OpenVAS Vulnerability Test CentOS Update for lynx CESA-2008:0965 centos3 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
Fedora Update for lynx FEDORA-2008-9597
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora 8 : lynx-2.8.6-12.fc8 (2008-9597)
Mon Nov 10 2008 Jiri Moskovcak - 2.8.6-12 - Fixed CVE-2008-4690 lynx: remote arbitrary command execution. via a crafted lynxcgi: URL thoger - Fri May 30 2008 Jiri Moskovcak - 2.8.6-11 - updated to latest upstream version 2.8.6rel5 - Resolves: 214205 - Wed Jan 9 2008 Jiri Moskovcak - 2.8.6-10 -...
openSUSE 10 Security Update : lynx (lynx-5720)
This update of lynx fixes a security bug that can be exploited by remote attackers to execute arbitrary commands when advanced mode is enabled and lynx is used as URL handler CVE-2008-4690 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
RHEL 2.1 / 3 / 4 / 5 : lynx (RHSA-2008:0965)
An updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-based Web browser. An arbitrary command execution flaw was...
lynx security update
CentOS Errata and Security Advisory CESA-2008:0965 An updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-based W...
Important: Red Hat Security Advisory: lynx security update
An updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-based Web browser. An arbitrary command execution flaw was...
lynx security update
2.8.5-28.1.1 - add patch for CVE-2008-4690 rhbz468184 - prompt user before executing commands from the lynxcgi: handler, even in the advanced user mode - mark all lynxcgi: URIs as untrusted in the default lynx.cfg - add patch to prevent lynx from opening configuration files in the current working...
CVE-2008-4690
lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have define...
CVE-2008-4690
CVE-2008-4690 affects Lynx 2.8.6dev.15 and earlier when Advanced mode is enabled and Lynx is configured as a URL handler. A crafted lynxcgi: URL can allow remote attackers to execute arbitrary commands. The connected Nessus/Gentoo/OpenVAS advisories reference Lynx fixes and mitigations: patches w...