CERT-In Vulnerability Note
Lynx 'HTrjis' NNTP Remote Buffer Overflow Vulnerability
Original Issue Date: October 20, 2005
Severity Rating: HIGH
A buffer overflow vulnerability has been identified in Lynx 2.x, which could be exploited by remote attackers to compromise the system.
Lynx is a text browser for the World Wide Web. A buffer overflow vulnerability exists in the "HTrjis" function of HTMIME.c, which does not properly validate specially crafted NNTP (Network News Transfer Protocol) article headers. This can be exploited remotely to cause a stack-based buffer overflow by manipulating the user into visiting a malicious website which redirects to a malicious NNTP server.
Successful exploitation of this vulnerability may allow a remote user to execute arbitrary commands.
Upgrade to Lynx version 2.8.6dev.14.
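One way to check hosts against the fixed release named above (an added example, not part of the CERT-In note or the Lynx project). It assumes version strings of the form `2.8.6dev.14`, that the stage tags order as dev < pre < rel, and that `lynx -version` prints a first line beginning `Lynx Version`; the banners in the loop are constructed samples.

```shell
#!/bin/sh
# Fixed release taken from the advisory text.
FIXED_VERSION="2.8.6dev.14"

# Map a Lynx version string to a fixed-width numeric key.
# Assumption: stage tags order as dev < pre < rel.
# Prints nothing when the string is not in the expected form.
lynx_version_key() {
    printf '%s\n' "$1" |
    sed -n -E 's/^([0-9]+)\.([0-9]+)\.([0-9]+)(dev|pre|rel)\.([0-9]+)$/\1 \2 \3 \4 \5/p' |
    awk 'BEGIN { rank["dev"] = 0; rank["pre"] = 1; rank["rel"] = 2 }
         { printf "1%03d%03d%03d%d%04d\n", $1, $2, $3, rank[$4], $5 }'
}

# Exit status: 0 = at or past the fixed release, 1 = older,
# 2 = string not recognised (treat as "needs manual review").
lynx_is_fixed() {
    have=$(lynx_version_key "$1")
    want=$(lynx_version_key "$FIXED_VERSION")
    [ -n "$have" ] || return 2
    [ "$have" -ge "$want" ]
}

# Extract the version token from `lynx -version` output on stdin.
# Assumption: the first line looks like "Lynx Version <version> (<date>)".
lynx_version_from_banner() {
    sed -n -E 's/^Lynx Version ([^ ]+).*/\1/p' | head -n 1
}

# Constructed sample banners (not captured from real hosts).
# On a live host, replace the printf with: lynx -version
for banner in \
    "Lynx Version 2.8.5rel.1 (01 Jan 2004)" \
    "Lynx Version 2.8.6dev.13 (01 Jan 2005)" \
    "Lynx Version 2.8.6dev.14 (01 Jan 2005)" \
    "Lynx Version 2.8.6rel.5 (01 Jan 2007)"
do
    v=$(printf '%s\n' "$banner" | lynx_version_from_banner)
    if lynx_is_fixed "$v"; then
        echo "$v: at or past $FIXED_VERSION"
    else
        echo "$v: older than $FIXED_VERSION, upgrade required"
    fi
done
```

A vendor package that backports the fix may still report an older version string, so a "needs upgrade" result on a distribution build should be confirmed against that vendor's own advisory.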
The information provided herein is on an "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-2436857
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003