Title: Vulnerability in Lynx Downloading
Released by:
Date: 15th July 1997
I. Description

Lynx, on Un*x systems, may be coerced to read or execute arbitrary
files on the local system regardless of restrictions set by the
system administrator.

Installed versions of Lynx up to and including version 2.7.1 on Unix
or Unix-like operating systems are vulnerable.

II. Impact

A. Captive Lynx installations

   Users of Lynx in a captive situation (where the Lynx user does not
   normally have access to a shell prompt, or to a menu system that allows
   the user to run arbitrary commands) can get access to a shell prompt.
   This includes public Lynxes as well as any setup where the user
   is restricted as to which programs can be run.

B. All Lynx installations

   This vulnerability could also conceivably allow malicious webmasters to
   add these carefully crafted URLs to their pages to cause unsuspecting
   Lynx users (in captive accounts or otherwise) to execute arbitrary commands.

   This vulnerability can be exploited by anyone who can provide Lynx a
   carefully crafted URL.

III. Workaround

If administrators of captive Lynxes cannot apply the code patches or
obtain updated binaries as described below, they are advised to disable
(g)oto on Lynx.

There is currently no workaround for impact "B" above.  The code patches
below must be applied (or updated binaries obtained) to eliminate
this impact.

IV. Solution

Current developmental releases of Lynx have fixed this problem since
1997-06-26.  Patches you may find from before that date may not
entirely eliminate the vulnerability.

The most recent stable version of Lynx (version 2.7.1) can be
patched to fix this problem by replacing the file "lynx2-7-1/src/LYDownload.c"
with a replacement file.

The replacement file to eliminate this vulnerability in version
2.7.1 is available (courtesy of Foteos Macrides) at:

     http://www.slcc.edu/lynx/fote/patches/lynx2-7-1/src/LYDownload.c

All systems running Lynx versions 2.7.1 or earlier should be
updated to fix this problem.

Two development branches of the Lynx source code are available at:

     http://www.slcc.edu/lynx/fote/patches/
     http://www.slcc.edu/lynx/current/

Binary distributions of Lynx may be found at:

     http://www.crl.com/~subir/lynx/binaries.html

Note that producing binaries is a volunteer job and the latest (or any)
version may not be available for a specific platform.

V. Contact information

If you believe you have found a security problem with the current
version of Lynx, we urge you to forward it to the LYNX-DEV
mailing list at .

The LYNX-DEV mailing list (with further information about this
vulnerability) is archived at:

     http://www.flora.org/lynx-dev/

Lynx security information is available at:

     http://www.crl.com/~subir/lynx/security.html

General information about Lynx is available at:

     http://lynx.browser.org/

On-line help and documentation about Lynx is available using the
(h)elp command. More help is available in the source distribution.
Should your questions not be answered by these means, further
questions may be directed to .

Please don't contact Lynx developers personally about Lynx-related
issues; please use either the mailing list or the "help" addresses
given above.