Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3120

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-3120
Last Modified 21 Aug 2010 12:33:11
Published 17 Oct 2005 04:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3120

Summary

Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.

Vulnerable Systems

Application

  • University Of Kansas Lynx 2.8.3

  • University Of Kansas Lynx 2.8.4

  • University Of Kansas Lynx 2.8.6

  • University Of Kansas Lynx 2.8.6 Dev13


References

FULLDISC - 20051017 Lynx Remote Buffer Overflow

MISC - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253

REDHAT - RHSA-2005:803

UBUNTU - USN-206-1

BID - 15117

BUGTRAQ - 20060602 Re: [SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities

FEDORA - FLSA:152832

OPENPKG - OpenPKG-SA-2005.026

SUSE - SUSE-SR:2005:025

MANDRIVA - MDKSA-2005:186

GENTOO - GLSA-200510-15

DEBIAN - DSA-1085

DEBIAN - DSA-876

DEBIAN - DSA-874

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm

SLACKWARE - SSA:2005-310-03

SECTRACK - 1015065

SECUNIA - 20383

SECUNIA - 18584

SECUNIA - 18376

SECUNIA - 17480

SECUNIA - 17445

SECUNIA - 17444

SECUNIA - 17360

SECUNIA - 17340

SECUNIA - 17248

SECUNIA - 17238

SECUNIA - 17231

SECUNIA - 17230

SECUNIA - 17216

SECUNIA - 17150

TRUSTIX - TSLSA-2005-0059

SCO - SCOSA-2005.47

SCO - SCOSA-2006.7


Last Updated: 27 May 2016 10:40:48