oss-sec mailing list archives

Re: CVE request: lynx (old) .mailcap handling flaw

From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 27 Oct 2008 12:35:38 -0400 (EDT)


======================================================
Name: CVE-2006-7234
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7234
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396949
Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=214205
Reference: MLIST:[oss-security] 20081025 CVE request: lynx (old) .mailcap handling flaw
Reference: URL:http://www.openwall.com/lists/oss-security/2008/10/25/3

Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows
local users to execute arbitrary code via malicious (1) .mailcap and
(2) mime.types files in the current working directory.

Current thread:

CVE request: lynx (old) .mailcap handling flaw Tomas Hoger (Oct 25)
- Re: CVE request: lynx (old) .mailcap handling flaw Steven M. Christey (Oct 27)
- Re: CVE request: lynx (old) .mailcap handling flaw Tavis Ormandy (Oct 27)
  - Re: CVE request: lynx (old) .mailcap handling flaw Tomas Hoger (Oct 28)
    - Re: CVE request: lynx (old) .mailcap handling flaw Tavis Ormandy (Oct 29)
    - Re: CVE request: lynx (old) .mailcap handling flaw Tomas Hoger (Oct 29)