ID USN-1642-1 Type ubuntu Reporter Ubuntu Modified 2012-11-29T00:00:00
Description
Dan Rosenberg discovered a heap-based buffer overflow in Lynx. If a user were tricked into opening a specially crafted page, a remote attacker could cause a denial of service via application crash, or possibly execute arbitrary code as the user invoking the program. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-2810)
It was discovered that Lynx did not properly verify that an HTTPS certificate was signed by a trusted certificate authority. This could allow an attacker to perform a “man in the middle” (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. This update changes the behavior of Lynx such that self-signed certificates no longer validate. Users requiring the previous behavior can use the ‘FORCE_SSL_PROMPT’ option in lynx.cfg. (CVE-2012-5821)
{"id": "USN-1642-1", "bulletinFamily": "unix", "title": "Lynx vulnerabilities", "description": "Dan Rosenberg discovered a heap-based buffer overflow in Lynx. If a user were tricked into opening a specially crafted page, a remote attacker could cause a denial of service via application crash, or possibly execute arbitrary code as the user invoking the program. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-2810)\n\nIt was discovered that Lynx did not properly verify that an HTTPS certificate was signed by a trusted certificate authority. This could allow an attacker to perform a \u201cman in the middle\u201d (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. This update changes the behavior of Lynx such that self-signed certificates no longer validate. Users requiring the previous behavior can use the \u2018FORCE_SSL_PROMPT\u2019 option in lynx.cfg. (CVE-2012-5821)", "published": "2012-11-29T00:00:00", "modified": "2012-11-29T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/1642-1/", "reporter": "Ubuntu", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2012-5821", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-2810"], "cvelist": ["CVE-2012-5821", "CVE-2010-2810"], "type": "ubuntu", "lastseen": "2018-08-31T00:08:40", "history": [{"bulletin": {"affectedPackage": [{"OS": "Ubuntu", "OSVersion": "11.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "lynx-cur", "packageVersion": "2.8.8dev.9-2ubuntu0.11.10.1"}, {"OS": "Ubuntu", "OSVersion": "12.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "lynx-cur", "packageVersion": "2.8.8dev.12-2ubuntu0.1"}, {"OS": "Ubuntu", "OSVersion": "12.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "lynx-cur", "packageVersion": "2.8.8dev.9-2ubuntu0.12.04.1"}, {"OS": "Ubuntu", "OSVersion": "10.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "lynx-cur", "packageVersion": "2.8.8dev.2-1ubuntu0.1"}], "bulletinFamily": "unix", "cvelist": ["CVE-2012-5821", "CVE-2010-2810"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Dan Rosenberg discovered a heap-based buffer overflow in Lynx. If a user were tricked into opening a specially crafted page, a remote attacker could cause a denial of service via application crash, or possibly execute arbitrary code as the user invoking the program. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-2810)\n\nIt was discovered that Lynx did not properly verify that an HTTPS certificate was signed by a trusted certificate authority. This could allow an attacker to perform a \u201cman in the middle\u201d (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. This update changes the behavior of Lynx such that self-signed certificates no longer validate. Users requiring the previous behavior can use the \u2018FORCE_SSL_PROMPT\u2019 option in lynx.cfg. (CVE-2012-5821)", "edition": 2, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "9f7ee782075efb1b089ce3eb6a8ac98015fb74a628911164f59f6dd085919355", "hashmap": [{"hash": "664a81a0fddba8f828f8fa682c02f90f", "key": "modified"}, {"hash": "84205637d4fa49a1c744a057a7456624", "key": "references"}, {"hash": "664a81a0fddba8f828f8fa682c02f90f", "key": "published"}, {"hash": "74e15303ad2744caf018ff97fe21e4a9", "key": "description"}, {"hash": "9f8d81a08921fb734a1198c3d29c532c", "key": "affectedPackage"}, {"hash": "1d41c853af58d3a7ae54990ce29417d8", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "7146cedaca9d8db2314ecfae8d996509", "key": "cvelist"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "3d945423f8e9496c429a5d8c65b4604f", "key": "reporter"}, {"hash": "fd2da02a3de2c1e94bc16d62c7c9f7da", "key": "href"}, {"hash": "a88d5f122042df2b080af5f38b3ed623", "key": "title"}], "history": [], "href": "https://usn.ubuntu.com/1642-1/", "id": "USN-1642-1", "lastseen": "2018-08-30T20:09:52", "modified": "2012-11-29T00:00:00", "objectVersion": "1.3", "published": "2012-11-29T00:00:00", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2012-5821", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-2810"], "reporter": "Ubuntu", "title": "Lynx vulnerabilities", "type": "ubuntu", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T20:09:52"}, {"bulletin": {"affectedPackage": [{"OS": "Ubuntu", "OSVersion": "11.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "lynx-cur", "packageVersion": "2.8.8dev.9-2ubuntu0.11.10.1"}, {"OS": "Ubuntu", "OSVersion": "12.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "lynx-cur", "packageVersion": "2.8.8dev.12-2ubuntu0.1"}, {"OS": "Ubuntu", "OSVersion": "12.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "lynx-cur", "packageVersion": "2.8.8dev.9-2ubuntu0.12.04.1"}, {"OS": "Ubuntu", "OSVersion": "10.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "lynx-cur", "packageVersion": "2.8.8dev.2-1ubuntu0.1"}], "bulletinFamily": "unix", "cvelist": ["CVE-2012-5821", "CVE-2010-2810"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Dan Rosenberg discovered a heap-based buffer overflow in Lynx. If a user were tricked into opening a specially crafted page, a remote attacker could cause a denial of service via application crash, or possibly execute arbitrary code as the user invoking the program. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-2810)\n\nIt was discovered that Lynx did not properly verify that an HTTPS certificate was signed by a trusted certificate authority. This could allow an attacker to perform a \u201cman in the middle\u201d (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. This update changes the behavior of Lynx such that self-signed certificates no longer validate. Users requiring the previous behavior can use the \u2018FORCE_SSL_PROMPT\u2019 option in lynx.cfg. (CVE-2012-5821)", "edition": 1, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "hash": "6fd4bbd0a7dbe739e2bd48460b29a0e15bf569a1447536ee334b7e38d9013156", "hashmap": [{"hash": "664a81a0fddba8f828f8fa682c02f90f", "key": "modified"}, {"hash": "84205637d4fa49a1c744a057a7456624", "key": "references"}, {"hash": "664a81a0fddba8f828f8fa682c02f90f", "key": "published"}, {"hash": "74e15303ad2744caf018ff97fe21e4a9", "key": "description"}, {"hash": "9f8d81a08921fb734a1198c3d29c532c", "key": "affectedPackage"}, {"hash": "1d41c853af58d3a7ae54990ce29417d8", "key": "type"}, {"hash": "7146cedaca9d8db2314ecfae8d996509", "key": "cvelist"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "3d945423f8e9496c429a5d8c65b4604f", "key": "reporter"}, {"hash": "fd2da02a3de2c1e94bc16d62c7c9f7da", "key": "href"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "a88d5f122042df2b080af5f38b3ed623", "key": "title"}], "history": [], "href": "https://usn.ubuntu.com/1642-1/", "id": "USN-1642-1", "lastseen": "2018-03-29T18:17:07", "modified": "2012-11-29T00:00:00", "objectVersion": "1.3", "published": "2012-11-29T00:00:00", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2012-5821", "https://people.canonical.com/~ubuntu-security/cve/CVE-2010-2810"], "reporter": "Ubuntu", "title": "Lynx vulnerabilities", "type": "ubuntu", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-03-29T18:17:07"}], "edition": 3, "hashmap": [{"key": "affectedPackage", "hash": "9f8d81a08921fb734a1198c3d29c532c"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "7146cedaca9d8db2314ecfae8d996509"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "74e15303ad2744caf018ff97fe21e4a9"}, {"key": "href", "hash": "fd2da02a3de2c1e94bc16d62c7c9f7da"}, {"key": "modified", "hash": "664a81a0fddba8f828f8fa682c02f90f"}, {"key": "published", "hash": "664a81a0fddba8f828f8fa682c02f90f"}, {"key": "references", "hash": "84205637d4fa49a1c744a057a7456624"}, {"key": "reporter", "hash": "3d945423f8e9496c429a5d8c65b4604f"}, {"key": "title", "hash": "a88d5f122042df2b080af5f38b3ed623"}, {"key": "type", "hash": "1d41c853af58d3a7ae54990ce29417d8"}], "hash": "6fd4bbd0a7dbe739e2bd48460b29a0e15bf569a1447536ee334b7e38d9013156", "viewCount": 0, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}, "vulnersScore": 6.8}, "objectVersion": "1.3", "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "11.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "lynx-cur", "packageVersion": "2.8.8dev.9-2ubuntu0.11.10.1"}, {"OS": "Ubuntu", "OSVersion": "12.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "lynx-cur", "packageVersion": "2.8.8dev.12-2ubuntu0.1"}, {"OS": "Ubuntu", "OSVersion": "12.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "lynx-cur", "packageVersion": "2.8.8dev.9-2ubuntu0.12.04.1"}, {"OS": "Ubuntu", "OSVersion": "10.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "lynx-cur", "packageVersion": "2.8.8dev.2-1ubuntu0.1"}]}
{"cve": [{"lastseen": "2017-08-29T12:17:52", "references": ["http://www.ubuntu.com/usn/USN-1642-1", "http://www.mandriva.com/security/advisories?name=MDVSA-2013:101", "https://exchange.xforce.ibmcloud.com/vulnerabilities/79930", "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0351", "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"], "edition": 2, "description": "Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function.", "reporter": "NVD", "published": "2012-11-04T17:55:04", "title": "CVE-2012-5821", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2012-5821"], "scanner": [], "cpe": ["cpe:/a:lynx:lynx:-"], "modified": "2017-08-28T21:32:47", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5821", "id": "CVE-2012-5821", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-08-17T11:14:53", "references": ["http://www.vupen.com/english/advisories/2010/2042", "http://www.ubuntu.com/usn/USN-1642-1", "http://marc.info/?l=oss-security&m=128151768510564&w=2", "https://exchange.xforce.ibmcloud.com/vulnerabilities/61007", "https://bugs.launchpad.net/ubuntu/+source/lynx-cur/+bug/613254", "http://marc.info/?l=oss-security&m=128152412221677&w=2"], "description": "Heap-based buffer overflow in the convert_to_idna function in WWW/Library/Implementation/HTParse.c in Lynx 2.8.8dev.1 through 2.8.8dev.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed URL containing a % (percent) character in the domain name.", "edition": 2, "reporter": "NVD", "published": "2010-08-20T14:00:02", "title": "CVE-2010-2810", "type": "cve", "enchantments": {"score": {"modified": "2017-08-17T11:14:53", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-2810"], "scanner": [], "modified": "2017-08-16T21:32:49", "cpe": ["cpe:/a:lynx:lynx:2.8.8:dev.1", "cpe:/a:lynx:lynx:2.8.8:dev.3", "cpe:/a:lynx:lynx:2.8.8:dev.4", "cpe:/a:lynx:lynx:2.8.8:dev.2"], "id": "CVE-2010-2810", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2810", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-09-01T23:59:42", "references": ["http://www.ubuntu.com/usn/usn-1642-1/", "1642-1"], "pluginID": "1361412562310841235", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1642-1", "edition": 5, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-12-04T00:00:00", "title": "Ubuntu Update for lynx-cur USN-1642-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5821", "CVE-2010-2810"], "modified": "2018-08-17T00:00:00", "id": "OPENVAS:1361412562310841235", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841235", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1642_1.nasl 11037 2018-08-17 11:51:16Z cfischer $\n#\n# Ubuntu Update for lynx-cur USN-1642-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\n\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1642-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841235\");\n script_version(\"$Revision: 11037 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-08-17 13:51:16 +0200 (Fri, 17 Aug 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-04 09:48:39 +0530 (Tue, 04 Dec 2012)\");\n script_cve_id(\"CVE-2010-2810\", \"CVE-2012-5821\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1642-1\");\n script_name(\"Ubuntu Update for lynx-cur USN-1642-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|11\\.10|10\\.04 LTS|12\\.10)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1642-1\");\n script_tag(name:\"affected\", value:\"lynx-cur on Ubuntu 12.10,\n Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Dan Rosenberg discovered a heap-based buffer overflow in Lynx. If a user\n were tricked into opening a specially crafted page, a remote attacker could\n cause a denial of service via application crash, or possibly execute\n arbitrary code as the user invoking the program. This issue only affected\n Ubuntu 10.04 LTS. (CVE-2010-2810)\n\n It was discovered that Lynx did not properly verify that an HTTPS\n certificate was signed by a trusted certificate authority. This could allow\n an attacker to perform a "man in the middle" (MITM) attack which would make\n the user believe their connection is secure, but is actually being\n monitored. This update changes the behavior of Lynx such that self-signed\n certificates no longer validate. Users requiring the previous behavior can\n use the 'FORCE_SSL_PROMPT' option in lynx.cfg. (CVE-2012-5821)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lynx-cur\", ver:\"2.8.8dev.9-2ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lynx-cur\", ver:\"2.8.8dev.9-2ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lynx-cur\", ver:\"2.8.8dev.2-1ubuntu0.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lynx-cur\", ver:\"2.8.8dev.12-2ubuntu0.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:20:16", "references": ["http://www.ubuntu.com/usn/usn-1642-1/", "1642-1"], "pluginID": "841235", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1642-1", "edition": 3, "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "published": "2012-12-04T00:00:00", "title": "Ubuntu Update for lynx-cur USN-1642-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5821", "CVE-2010-2810"], "modified": "2017-12-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=841235", "id": "OPENVAS:841235", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1642_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for lynx-cur USN-1642-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Dan Rosenberg discovered a heap-based buffer overflow in Lynx. If a user\n were tricked into opening a specially crafted page, a remote attacker could\n cause a denial of service via application crash, or possibly execute\n arbitrary code as the user invoking the program. This issue only affected\n Ubuntu 10.04 LTS. (CVE-2010-2810)\n\n It was discovered that Lynx did not properly verify that an HTTPS\n certificate was signed by a trusted certificate authority. This could allow\n an attacker to perform a "man in the middle" (MITM) attack which would make\n the user believe their connection is secure, but is actually being\n monitored. This update changes the behavior of Lynx such that self-signed\n certificates no longer validate. Users requiring the previous behavior can\n use the 'FORCE_SSL_PROMPT' option in lynx.cfg. (CVE-2012-5821)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1642-1\";\ntag_affected = \"lynx-cur on Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1642-1/\");\n script_id(841235);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-04 09:48:39 +0530 (Tue, 04 Dec 2012)\");\n script_cve_id(\"CVE-2010-2810\", \"CVE-2012-5821\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1642-1\");\n script_name(\"Ubuntu Update for lynx-cur USN-1642-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lynx-cur\", ver:\"2.8.8dev.9-2ubuntu0.12.04.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lynx-cur\", ver:\"2.8.8dev.9-2ubuntu0.11.10.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lynx-cur\", ver:\"2.8.8dev.2-1ubuntu0.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"lynx-cur\", ver:\"2.8.8dev.12-2ubuntu0.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:50:54", "references": [], "pluginID": "63108", "description": "Dan Rosenberg discovered a heap-based buffer overflow in Lynx. If a user were tricked into opening a specially crafted page, a remote attacker could cause a denial of service via application crash, or possibly execute arbitrary code as the user invoking the program. This issue only affected Ubuntu 10.04 LTS. (CVE-2010-2810)\n\nIt was discovered that Lynx did not properly verify that an HTTPS certificate was signed by a trusted certificate authority. This could allow an attacker to perform a 'man in the middle' (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. This update changes the behavior of Lynx such that self-signed certificates no longer validate. Users requiring the previous behavior can use the 'FORCE_SSL_PROMPT' option in lynx.cfg. (CVE-2012-5821).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2012-11-30T00:00:00", "title": "Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : lynx-cur vulnerabilities (USN-1642-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5821", "CVE-2010-2810"], "modified": "2018-08-01T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:lynx-cur", "cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1642-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63108", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1642-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63108);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/08/01 17:36:14\");\n\n script_cve_id(\"CVE-2010-2810\", \"CVE-2012-5821\");\n script_bugtraq_id(42316);\n script_xref(name:\"USN\", value:\"1642-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : lynx-cur vulnerabilities (USN-1642-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dan Rosenberg discovered a heap-based buffer overflow in Lynx. If a\nuser were tricked into opening a specially crafted page, a remote\nattacker could cause a denial of service via application crash, or\npossibly execute arbitrary code as the user invoking the program. This\nissue only affected Ubuntu 10.04 LTS. (CVE-2010-2810)\n\nIt was discovered that Lynx did not properly verify that an HTTPS\ncertificate was signed by a trusted certificate authority. This could\nallow an attacker to perform a 'man in the middle' (MITM) attack which\nwould make the user believe their connection is secure, but is\nactually being monitored. This update changes the behavior of Lynx\nsuch that self-signed certificates no longer validate. Users requiring\nthe previous behavior can use the 'FORCE_SSL_PROMPT' option in\nlynx.cfg. (CVE-2012-5821).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected lynx-cur package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:lynx-cur\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2018 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(10\\.04|11\\.10|12\\.04|12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.10 / 12.04 / 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"lynx-cur\", pkgver:\"2.8.8dev.2-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"lynx-cur\", pkgver:\"2.8.8dev.9-2ubuntu0.11.10.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"lynx-cur\", pkgver:\"2.8.8dev.9-2ubuntu0.12.04.1\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"lynx-cur\", pkgver:\"2.8.8dev.12-2ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"lynx-cur\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:00:03", "references": [], "pluginID": "66113", "description": "Updated lynx package fixes security vulnerability :\n\nLynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function (CVE-2012-5821).", "edition": 5, "reporter": "Tenable", "published": "2013-04-20T00:00:00", "title": "Mandriva Linux Security Advisory : lynx (MDVSA-2013:101)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-5821"], "modified": "2018-07-19T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:lynx"], "id": "MANDRIVA_MDVSA-2013-101.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=66113", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:101. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66113);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/19 20:59:18\");\n\n script_cve_id(\"CVE-2012-5821\");\n script_bugtraq_id(56795);\n script_xref(name:\"MDVSA\", value:\"2013:101\");\n script_xref(name:\"MGASA\", value:\"2012-0351\");\n\n script_name(english:\"Mandriva Linux Security Advisory : lynx (MDVSA-2013:101)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated lynx package fixes security vulnerability :\n\nLynx does not verify that the server's certificate is signed by a\ntrusted certification authority, which allows man-in-the-middle\nattackers to spoof SSL servers via a crafted certificate, related to\nimproper use of a certain GnuTLS function (CVE-2012-5821).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected lynx package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lynx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lynx-2.8.7-5.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:46", "references": [], "description": "\r\n\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1642-1\r\nNovember 29, 2012\r\n\r\nlynx-cur vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.10\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 11.10\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nTwo security issues were fixed in Lynx.\r\n\r\nSoftware Description:\r\n- lynx-cur: Text-mode WWW Browser with NLS support\r\n\r\nDetails:\r\n\r\nDan Rosenberg discovered a heap-based buffer overflow in Lynx. If a user\r\nwere tricked into opening a specially crafted page, a remote attacker could\r\ncause a denial of service via application crash, or possibly execute\r\narbitrary code as the user invoking the program. This issue only affected\r\nUbuntu 10.04 LTS. (CVE-2010-2810)\r\n\r\nIt was discovered that Lynx did not properly verify that an HTTPS\r\ncertificate was signed by a trusted certificate authority. This could allow\r\nan attacker to perform a "man in the middle" (MITM) attack which would make\r\nthe user believe their connection is secure, but is actually being\r\nmonitored. This update changes the behavior of Lynx such that self-signed\r\ncertificates no longer validate. Users requiring the previous behavior can\r\nuse the 'FORCE_SSL_PROMPT' option in lynx.cfg. (CVE-2012-5821)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.10:\r\n lynx-cur 2.8.8dev.12-2ubuntu0.1\r\n\r\nUbuntu 12.04 LTS:\r\n lynx-cur 2.8.8dev.9-2ubuntu0.12.04.1\r\n\r\nUbuntu 11.10:\r\n lynx-cur 2.8.8dev.9-2ubuntu0.11.10.1\r\n\r\nUbuntu 10.04 LTS:\r\n lynx-cur 2.8.8dev.2-1ubuntu0.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1642-1\r\n CVE-2010-2810, CVE-2012-5821\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/lynx-cur/2.8.8dev.12-2ubuntu0.1\r\n https://launchpad.net/ubuntu/+source/lynx-cur/2.8.8dev.9-2ubuntu0.12.04.1\r\n https://launchpad.net/ubuntu/+source/lynx-cur/2.8.8dev.9-2ubuntu0.11.10.1\r\n https://launchpad.net/ubuntu/+source/lynx-cur/2.8.8dev.2-1ubuntu0.1\r\n\r\n\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "reporter": "Securityvulns", "published": "2012-12-02T00:00:00", "title": "[USN-1642-1] Lynx vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:46", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2012-5821", "CVE-2010-2810"], "modified": "2012-12-02T00:00:00", "id": "SECURITYVULNS:DOC:28788", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28788", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:49", "references": ["https://vulners.com/securityvulns/securityvulns:doc:28788"], "description": "Buffer oveflow, insufficient certificate check.", "edition": 1, "reporter": "BUGTRAQ", "published": "2012-12-02T00:00:00", "title": "lynx security vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:49", "vector": "NONE", "value": 10.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2012-5821", "CVE-2010-2810"], "modified": "2012-12-02T00:00:00", "id": "SECURITYVULNS:VULN:12732", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12732", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
