Bug 170253 (CVE-2005-3120)

Summary: CAN-2005-3120 lynx buffer overflow
Product: [Other] Security Response Reporter: Mark J. Cox <mjc>
Component: vulnerabilityAssignee: Tim Waugh <twaugh>
Status: CLOSED ERRATA QA Contact: Brian Brock <bbrock>
Severity: urgent Docs Contact:
Priority: medium    
Version: unspecifiedCC: osoukup, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: RHSA-2005-803 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-10-17 07:44:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Description Flags
Proposed patch from Thomas Dickey for lynx 2.8.6dev.14 none

Description Mark J. Cox 2005-10-10 09:20:45 UTC
Ulf Harnhammar found a flaw in Lynx that can be triggered when Lynx connects to
a NNTP server.  A malicious news server could cause a buffer overflow, leading
to the potential of arbitrary code execution as the user running lynx.  This
issue requires a victim connects to the malicious news server, however this
could be forced by a redirect from any malicious web page.

Embargo set for 20051017

Comment 1 Mark J. Cox 2005-10-10 09:20:46 UTC
Created attachment 119760 [details]
Proposed patch from Thomas Dickey for lynx 2.8.6dev.14

Comment 6 Mark J. Cox 2005-10-17 07:28:07 UTC
Public today, removing embargo:

Comment 7 Red Hat Bugzilla 2005-10-17 07:44:27 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Comment 8 Fedora Update System 2005-10-17 16:20:40 UTC
From User-Agent: XML-RPC

lynx-2.8.5-23.1 has been pushed for FC4, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.