lynx code execution - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

lynx code execution
Published: 29.10.2008
Source: BUGTRAQ
SecurityVulns ID: 9390
Type: client
Level: 6/10
Description: It's possible to execute code in Advanced Mode by redirecting to lynxcgi: URI.

Affected: LYNX : lynx 2.8
CVE: CVE-2008-4690 (lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.)

Original document MANDRIVA, [ MDVSA-2008:218 ] lynx (29.10.2008)

Discuss: Read or add your comments to this news (0 comments)

test server