Bug 170253 - (CVE-2005-3120) CAN-2005-3120 lynx buffer overflow
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: lynx
Hardware: All Linux
Priority: medium
Severity: urgent
Assigned To: Tim Waugh
QA Contact: Brian Brock
Keywords: Security
Reported: 2005-10-10 05:20 EDT by Mark J. Cox
Modified: 2008-10-26 05:09 EDT (History)
Fixed In Version: RHSA-2005-803
Doc Type: Bug Fix
Last Closed: 2005-10-17 03:44:27 EDT

Attachments
Proposed patch from Thomas Dickey for lynx 2.8.6dev.14 (10.68 KB, text/plain)
2005-10-10 05:20 EDT, Mark J. Cox

External Trackers
Tracker: Red Hat Product Errata
ID: RHSA-2005:803
Priority: normal
Status: SHIPPED_LIVE
Summary: Critical: lynx security update
Last Updated: 2005-10-17 00:00:00 EDT

Description Mark J. Cox 2005-10-10 05:20:45 EDT
Ulf Harnhammar found a flaw in Lynx that can be triggered when Lynx connects to
an NNTP server.  A malicious news server could cause a buffer overflow, leading
to the potential of arbitrary code execution as the user running lynx.  This
issue requires that a victim connect to the malicious news server; however, this
could be forced by a redirect from any malicious web page.

Embargo set for 20051017
Comment 1 Mark J. Cox 2005-10-10 05:20:46 EDT
Created attachment 119760
Proposed patch from Thomas Dickey for lynx 2.8.6dev.14
Comment 6 Mark J. Cox 2005-10-17 03:28:07 EDT
Public today, removing embargo:
Comment 7 Red Hat Bugzilla 2005-10-17 03:44:27 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

Comment 8 Fedora Update System 2005-10-17 12:20:40 EDT
From User-Agent: XML-RPC

lynx-2.8.5-23.1 has been pushed for FC4, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
