Bugtraq mailing list archives
Re: [MORE] Lynx's 2.x buffers overflows
From: belal () SCO COM (Bela Lubkin)
Date: Wed, 6 May 1998 03:03:52 -0700
Efrain Torres wrote:
Not only lynx have this buffer overflow in a send e-mail MAILTO. It has segmentation fault in the options menu when u enter: A big E)ditor name, D)ISPLAY variable, B)ookmark file , P)ersonal mail address . I know this can not be exploited remotly but can be use to execute arbitrary commands in a menu restricted enviroment. There are easier ways to get a shell on a menu but this is just one way of many, and it isnt a shell escape option its just another stupid bug.
I had to go back to Lynx 2.3BETA, from 1994, to duplicate this. My next newest binary was Lynx 2.5, from early 1996, and it seems to be fine. The source certainly intends to be handling long input correctly. The current release version is 2.8, with 2.8.1 under development; see http://lynx.browser.org/. I submitted a patch to the Lynx maintenance group for the mailto: URL overflows. I am curious why these Lynx bugs are being reported to bugtraq, but not to the developers of Lynx. Likewise for bugs in anything else. Please have the courtesy to report them to the people who should be fixing them!
Bela<
Current thread:
- Re: [MORE] Lynx's 2.x buffers overflows Bela Lubkin (May 06)
- check-ps 1.2 pre-release Duncan Simpson (May 06)
- Re: [MORE] Lynx's 2.x buffers overflows Theo de Raadt (May 06)
- admintool mode 0777 in Solaris 2.6 HW3/98 Paul B. Henson (May 07)
- nestea2 and HP Jet Direct cards. Damon Petta (May 07)
- Re: nestea2 and HP Jet Direct cards. MrMurphy (May 08)
- Re: nestea2 and HP Jet Direct cards. Ben Woodard (May 20)
- Re: nestea2 and HP Jet Direct cards. (Lexmark patches) Ben Woodard (May 22)
- Exploit: Windows95/98/ (NT?) Autorun Matt Hallacy (May 22)
- ircnn-1.3devel problems Warren Rees (May 08)