Lynx '.mailcap' and '.mime.type' Files Local Code Execution Vulnerability

2008-10-28T00:00:00
ID SSV:4365
Type seebug
Reporter Root
Modified 2008-10-28T00:00:00

Description

BUGTRAQ ID: 31917
CVE ID: CVE-2006-7234
CNCVE ID: CNCVE-20087234

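Lynx is a text-based web browser. Lynx mishandles '.mailcap' and '.mime.types' files, and a local attacker can exploit the flaw to execute arbitrary commands with the privileges of the application. Lynx opens the mailcap and MIME type definition files from the current directory. If an attacker can induce a user to run lynx in a specially crafted directory that the attacker controls, the attacker can execute arbitrary code with the privileges of the user running lynx.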

University of Kansas Lynx 2.8.6 dev9
University of Kansas Lynx 2.8.6 dev8
University of Kansas Lynx 2.8.6 dev7
University of Kansas Lynx 2.8.6 dev6
University of Kansas Lynx 2.8.6 dev5
University of Kansas Lynx 2.8.6 dev4
University of Kansas Lynx 2.8.6 dev3
University of Kansas Lynx 2.8.6 dev2
University of Kansas Lynx 2.8.6 dev15
University of Kansas Lynx 2.8.6 dev14
University of Kansas Lynx 2.8.6 dev13
University of Kansas Lynx 2.8.6 dev12
University of Kansas Lynx 2.8.6 dev11
University of Kansas Lynx 2.8.6 dev10
University of Kansas Lynx 2.8.6 dev1
University of Kansas Lynx 2.8.6
University of Kansas Lynx 2.8.5 dev.8
  + MandrakeSoft Linux Mandrake 9.0
  + MandrakeSoft Linux Mandrake 8.2 ppc
  + MandrakeSoft Linux Mandrake 8.2
  + MandrakeSoft Linux Mandrake 8.1 ia64
  + MandrakeSoft Linux Mandrake 8.1
  + MandrakeSoft Linux Mandrake 8.0 ppc
  + MandrakeSoft Linux Mandrake 8.0
  + MandrakeSoft Linux Mandrake 7.2
  + MandrakeSoft Multi Network Firewall 2.0
  + MandrakeSoft Single Network Firewall 7.2
University of Kansas Lynx 2.8.5 dev.5
University of Kansas Lynx 2.8.5 dev.4
University of Kansas Lynx 2.8.5 dev.3
University of Kansas Lynx 2.8.5 dev.2
University of Kansas Lynx 2.8.5
  + MandrakeSoft Corporate Server 3.0 x86_64
  + MandrakeSoft Corporate Server 3.0
  + MandrakeSoft Corporate Server 2.1 x86_64
  + MandrakeSoft Corporate Server 2.1
  + MandrakeSoft Linux Mandrake 2006.0 x86_64
  + MandrakeSoft Linux Mandrake 2006.0
  + MandrakeSoft Linux Mandrake 10.2 x86_64
  + MandrakeSoft Linux Mandrake 10.2
  + MandrakeSoft Linux Mandrake 10.1 x86_64
  + MandrakeSoft Linux Mandrake 10.1
  + MandrakeSoft Multi Network Firewall 2.0
  + Ubuntu Ubuntu Linux 5.10 powerpc
  + Ubuntu Ubuntu Linux 5.10 i386
  + Ubuntu Ubuntu Linux 5.10 amd64
  + Ubuntu Ubuntu Linux 5.0 4 powerpc
  + Ubuntu Ubuntu Linux 5.0 4 i386
  + Ubuntu Ubuntu Linux 5.0 4 amd64
  + Ubuntu Ubuntu Linux 4.1 ppc
  + Ubuntu Ubuntu Linux 4.1 ia64
  + Ubuntu Ubuntu Linux 4.1 ia32
University of Kansas Lynx 2.8.4 rel.1
University of Kansas Lynx 2.8.4
  + Caldera OpenLinux Server 3.1.1
  + Caldera OpenLinux Server 3.1
  + Caldera OpenLinux Workstation 3.1.1
  + Caldera OpenLinux Workstation 3.1
  + Conectiva Linux 8.0
  + Conectiva Linux 7.0
  + Debian Linux 3.0
  + RedHat Linux for iSeries 7.1
  + RedHat Linux for pSeries 7.1
  + Sun Linux 5.0.6
  + Trustix Secure Linux 1.5
  + Trustix Secure Linux 1.2
  + Trustix Secure Linux 1.1
University of Kansas Lynx 2.8.3 rel.1
University of Kansas Lynx 2.8.3 pre.5
University of Kansas Lynx 2.8.3 dev2x
University of Kansas Lynx 2.8.3 dev.22
University of Kansas Lynx 2.8.3
  + Debian Linux 2.2
University of Kansas Lynx 2.8.2 rel.1
University of Kansas Lynx 2.8.1
University of Kansas Lynx 2.8
RedHat Enterprise Linux WS 5
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux Desktop 5 client
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1 IA64
RedHat Enterprise Linux AS 2.1
RedHat Enterprise Linux 5 server
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0

Upgrade to Kansas Lynx 2.8.6 rel.4 (the same package is listed for every University of Kansas Lynx version above):
University of Kansas lynx2.8.6rel.4.tar.bz2
http://lynx.isc.org/current/lynx2.8.6rel.4.tar.bz2

.mime.types:
application/x-bug bug
.mailcap:
application/x-bug; xmessage 'Hello, World!'
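
Added example, not part of the original advisory: a POSIX shell check that reports `.mailcap` and `.mime.types` files in a directory, together with the handler commands a `.mailcap` there would register, so a directory can be inspected before lynx is started in it. The function names `audit_lynx_dir` and `safe_lynx` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): report per-directory Lynx MIME
# override files and the handler commands they would register.

# audit_lynx_dir DIR
# Prints one line per finding. Returns 1 if DIR contains a .mailcap or
# .mime.types file, 0 if it contains neither.
audit_lynx_dir() {
    dir=${1:-.}
    found=0
    for name in .mailcap .mime.types; do
        f="$dir/$name"
        [ -f "$f" ] || [ -L "$f" ] || continue
        found=1
        # Numeric owner, so a file planted by another account stands out.
        owner=$(ls -ldn "$f" | awk '{print $3}')
        echo "FOUND $f (owner uid $owner)"
        if [ "$name" = .mailcap ] && [ -r "$f" ]; then
            # mailcap entry: type; command[; flags]. Skip comment lines.
            grep -v '^[[:space:]]*#' "$f" | awk -F';' 'NF >= 2 {
                gsub(/^[ \t]+|[ \t]+$/, "", $1)
                gsub(/^[ \t]+|[ \t]+$/, "", $2)
                print "  handler: " $1 " -> " $2 }'
        fi
    done
    return $found
}

# safe_lynx ARGS...
# Hypothetical wrapper: refuses to start lynx when the current directory
# supplies its own MIME type or handler definitions.
safe_lynx() {
    if ! audit_lynx_dir . >&2; then
        echo "refusing to run lynx: current directory supplies MIME handlers" >&2
        return 1
    fi
    command lynx "$@"
}
```

Run against a directory holding the two files shown above, `audit_lynx_dir` lists both files and the `xmessage` handler bound to `application/x-bug`.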