oss-sec mailing list archives
Re: CVE request: lynx (old) .mailcap handling flaw
From: Tavis Ormandy <taviso () sdf lonestar org>
Date: Mon, 27 Oct 2008 18:38:19 +0000
On Sat, Oct 25, 2008 at 08:27:51PM +0200, Tomas Hoger wrote:
> Hi Steven! There's one old lynx issue that seems to need a 2006 CVE id.
> lynx browser prior to 2.8.6rel.4 tries to open mailcap and mime type
> definition files from the current directory. If a user can be convinced to
> run lynx in a specially crafted directory, an attacker controlling the
> directory may be able to run arbitrary code as the victim running lynx.
That reminds me, I recently noticed valgrind also does this.

$ printf -- "--db-command=/usr/bin/id\n--db-attach=yes\n" > /tmp/.valgrindrc

Etc.

Thanks, Tavis.

-- 
-------------------------------------
taviso () sdf lonestar org | finger me for my gpg key.
-------------------------------------------------------
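
A defensive check for the pattern discussed in this thread, added here as an example and not part of the original messages: before running a tool that reads per-directory config, flag config files whose file or containing directory is owned by another user or is group/world-writable. The function names are hypothetical, `.valgrindrc` and `.mailcap` come from the thread, and `.mime.types` is an assumed name for the mime type definition file.

```shell
#!/bin/sh
# Added example: conservative audit of per-directory config files.

# untrusted PATH: succeeds if PATH is owned by another user or is
# group/world-writable. -H follows a symlink given on the command line;
# -prune keeps find from descending into a directory.
untrusted() {
    [ -n "$(find -H "$1" -prune \
        \( ! -user "$(id -u)" -o -perm -0020 -o -perm -0002 \) \
        -print 2>/dev/null)" ]
}

# cwd_config_risk DIR [NAME...]
# Prints one line per config file in DIR that should not be trusted and
# returns 1 if any was found, 0 otherwise.
cwd_config_risk() {
    dir=$1; shift
    # Default names; .mime.types is an assumption, see the lead-in.
    [ $# -gt 0 ] || set -- .valgrindrc .mailcap .mime.types
    status=0
    for name in "$@"; do
        f=$dir/$name
        [ -e "$f" ] || [ -L "$f" ] || continue
        if untrusted "$dir"; then
            # Anyone able to write to DIR could have placed or replaced f.
            echo "$f: directory is owned by another user or is group/world-writable"
            status=1
        elif untrusted "$f"; then
            echo "$f: file is owned by another user or is group/world-writable"
            status=1
        fi
    done
    return $status
}
```

The check is deliberately conservative: a config file in a sticky world-writable directory such as /tmp is reported even when the invoking user owns it.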