Bugtraq mailing list archives

[MORE] Lynx's 2.x buffers overflows

From: etorres () esap edu co (Efrain Torres - Estudiante General)
Date: Mon, 4 May 1998 11:38:12 +0500


h0l4,

Not only lynx have this buffer overflow in a send e-mail MAILTO. It has
segmentation fault in the options menu when u enter:

A big E)ditor name, D)ISPLAY variable, B)ookmark file , P)ersonal mail
address  . I know this can not be exploited remotly but can be use to
execute arbitrary commands in a menu restricted enviroment. There are
easier ways to get a shell on a menu but this is just one way of many, and
it isnt a shell escape option its just  another stupid bug.



Efrain 'ET' Torres
    [LOWNOISE]

et () my narco-president sucks co

Current thread:

Lynx's 2.8 buffer overflow Michal Zalewski (May 03)
- [MORE] Lynx's 2.x buffers overflows Efrain Torres - Estudiante General (May 03)
- dip-3.3.7o security hole Goran Gajic (May 05)