Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4690

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-4690
Last Modified 21 Aug 2010 01:25:05
Published 22 Oct 2008 02:00:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4690

Summary

lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.

Vulnerable Systems

Application

  • Lynx 2.8.1

  • Lynx 2.8.2

  • Lynx 2.8.3

  • Lynx 2.8.4

  • Lynx 2.8.5

  • Lynx 2.8.6


References

FEDORA - FEDORA-2008-9597

FEDORA - FEDORA-2008-9550

XF - lynx-lynxcgi-code-execution(46228)

SECTRACK - 1021105

REDHAT - RHSA-2008:0965

MLIST - [oss-security] 20081009 lynx lynxcgi handler flaw

MANDRIVA - MDVSA-2008:218

MANDRIVA - MDVSA-2008:217

SECUNIA - 33568

SECUNIA - 32967

SECUNIA - 32416

SUSE - SUSE-SR:2009:002


Last Updated: 27 May 2016 10:48:35