Ulf Harnhammar found a flaw in Lynx that can be triggered when Lynx connects to an NNTP server. A malicious news server could cause a buffer overflow, leading to the potential of arbitrary code execution as the user running lynx. This issue requires that a victim connect to the malicious news server; however, this could be forced by a redirect from any malicious web page. Embargo set for 20051017.
Created attachment 119760: Proposed patch from Thomas Dickey for lynx 2.8.6dev.14
Public today, removing embargo: http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-803.html
lynx-2.8.5-23.1 has been pushed for FC4, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.