oss-sec mailing list archives

Re: CVE request: lynx (old) .mailcap handling flaw

From: Tavis Ormandy <taviso () sdf lonestar org>
Date: Mon, 27 Oct 2008 18:38:19 +0000

On Sat, Oct 25, 2008 at 08:27:51PM +0200, Tomas Hoger wrote:

Hi Steven!

There's one old lynx issue that seem to need a 2006 CVE id.  lynx
browser prior to 2.8.6rel.4 tries to open mailcap and mime type
definition files form the current directory.  If user can be convinced
to run lynx in a specially crafted directory, an attacker controlling
the directory may be able to run arbitrary code as the victim running
lynx.


That reminds me, I recently noticed valgrind also does this.

$ printf -- "--db-command=/usr/bin/id\n--db-attach=yes\n" > /tmp/.valgrindrc

Etc.

Thanks, Tavis.

-- 
-------------------------------------
taviso () sdf lonestar org | finger me for my gpg key.
-------------------------------------------------------

Current thread:

CVE request: lynx (old) .mailcap handling flaw Tomas Hoger (Oct 25)
- Re: CVE request: lynx (old) .mailcap handling flaw Steven M. Christey (Oct 27)
- Re: CVE request: lynx (old) .mailcap handling flaw Tavis Ormandy (Oct 27)
  - Re: CVE request: lynx (old) .mailcap handling flaw Tomas Hoger (Oct 28)
    - Re: CVE request: lynx (old) .mailcap handling flaw Tavis Ormandy (Oct 29)
    - Re: CVE request: lynx (old) .mailcap handling flaw Tomas Hoger (Oct 29)