Bugtraq mailing list archives

Re: [MORE] Lynx's 2.x buffers overflows


From: belal () SCO COM (Bela Lubkin)
Date: Wed, 6 May 1998 03:03:52 -0700


Efrain Torres wrote:

Not only does Lynx have this buffer overflow in a send e-mail MAILTO. It has
a segmentation fault in the options menu when you enter:

A big E)ditor name, D)ISPLAY variable, B)ookmark file, P)ersonal mail
address. I know this cannot be exploited remotely but can be used to
execute arbitrary commands in a menu restricted environment. There are
easier ways to get a shell on a menu but this is just one way of many, and
it isn't a shell escape option, it's just another stupid bug.

I had to go back to Lynx 2.3BETA, from 1994, to duplicate this.  My next
newest binary was Lynx 2.5, from early 1996, and it seems to be fine.
The source certainly intends to be handling long input correctly.

The current release version is 2.8, with 2.8.1 under development; see
http://lynx.browser.org/.

I submitted a patch to the Lynx maintenance group for the mailto: URL
overflows.

I am curious why these Lynx bugs are being reported to bugtraq, but not
to the developers of Lynx.  Likewise for bugs in anything else.  Please
have the courtesy to report them to the people who should be fixing
them!

Bela<


