Package: lynx, lynx-cur Severity: grave Tags: security Various vendors have reported a remotely exploitable buffer overflow vulnerability in Lynx.
From: Martin Pitt <[EMAIL PROTECTED]> Subject: [USN-206-1] Lynx vulnerability To: [EMAIL PROTECTED] Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com Date: Mon, 17 Oct 2005 11:40:48 +0200 Message-ID: <[EMAIL PROTECTED]> =========================================================== Ubuntu Security Notice USN-206-1 October 17, 2005 lynx vulnerability CAN-2005-3120 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: lynx The problem can be corrected by upgrading the affected package to version 2.8.5-1ubuntu1.1 (for Ubuntu 4.10), 2.8.5-2ubuntu0.5.04 (for Ubuntu 5.04), or 2.8.5-2ubuntu0.5.10 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Ulf Harnhammar discovered a remote vulnerability in Lynx when connecting to a news server (NNTP). The function that added missing escape chararacters to article headers did not check the size of the target buffer. Specially crafted news entries could trigger a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user running lynx. In order to exploit this, the user is not even required to actively visit a news site with Lynx since a malicious HTML page could automatically redirect to an nntp:// URL with malicious news items. [...] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
