Bugtraq mailing list archives
Lynx 2.8 overflow
From: mixter () HOME POPMAIL COM (Mixter)
Date: Tue, 16 Mar 1999 00:26:31 +0100
Sorry if this is a well-known bug.

This was tested with Lynx Version 2.8.1pre.9. An IMG tag with a width of about 250 chars instantly crashes this version (and probably others). This bug is not limited to Lynx; it was first discovered with MSIE 4/5. As far as I know, the overflow is due to a limited and non-checked buffer in function strrchr() ...

Here is some sample code:

<img width=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001>
FAILED<br><br>

Mixter
----------------------
members.xoom.com/i0wnu
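Added example, not part of the original post and not Lynx code: one way a C parser can handle a numeric attribute such as the IMG width above without an unchecked copy into a fixed buffer. The function names, the 32-byte buffer and the 10000-pixel limit are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ATTR_BUF  32     /* assumed fixed buffer size (illustrative) */
#define MAX_WIDTH 10000  /* assumed upper limit on a pixel width */

/* Copy an attribute value into a fixed buffer, refusing anything that does
 * not fit. An unchecked strcpy(dst, value) here is the failure to avoid. */
static int copy_attr(char *dst, size_t dstlen, const char *value)
{
    size_t n = strlen(value);
    if (n >= dstlen)
        return -1;
    memcpy(dst, value, n + 1);
    return 0;
}

/* Parse a width attribute: 0 and *width set on success, -1 on rejection. */
int parse_img_width(const char *value, int *width)
{
    char buf[ATTR_BUF], *end;
    long v;
    if (value == NULL || width == NULL)
        return -1;
    while (value[0] == '0' && value[1] != '\0')
        value++;                 /* leading zeros carry no information */
    if (copy_attr(buf, sizeof buf, value) != 0)
        return -1;               /* still too long for the buffer */
    if (!isdigit((unsigned char)buf[0]))
        return -1;               /* empty, signed or non-numeric */
    v = strtol(buf, &end, 10);   /* on overflow returns LONG_MAX > MAX_WIDTH */
    if (*end != '\0' || v > MAX_WIDTH)
        return -1;               /* trailing junk or absurd width */
    *width = (int)v;
    return 0;
}

int main(void)
{
    char sample[252] = {0};      /* constructed input: 250 zeros, then '1' */
    int w = -1, rc;
    memset(sample, '0', 250);
    sample[250] = '1';
    rc = parse_img_width(sample, &w);
    printf("rc=%d width=%d\n", rc, w);
    return 0;
}
```

Whether to accept a zero-padded value as its numeric value, as done here, or to reject every over-long attribute outright is a policy choice; either way the copy is bounded.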