[MORE] Lynx's 2.x buffers overflows

From: Efrain Torres - Estudiante General (etorresat_private)
Date: Sun May 03 1998 - 23:38:12 PDT

Next message: Tom Czarnik: "Re: Netmanage Holes -- addendum"

Previous message: jtb: "Re: RSI.0001.05-01-98.ALL.QUAKE_SERVER"
Next in thread: Bela Lubkin: "Re: [MORE] Lynx's 2.x buffers overflows"
Reply: Bela Lubkin: "Re: [MORE] Lynx's 2.x buffers overflows"
Reply: Theo de Raadt: "Re: [MORE] Lynx's 2.x buffers overflows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

h0l4,

Not only lynx have this buffer overflow in a send e-mail MAILTO. It has
segmentation fault in the options menu when u enter:

A big E)ditor name, D)ISPLAY variable, B)ookmark file , P)ersonal mail
address  . I know this can not be exploited remotly but can be use to
execute arbitrary commands in a menu restricted enviroment. There are
easier ways to get a shell on a menu but this is just one way of many, and
it isnt a shell escape option its just  another stupid bug.



Efrain 'ET' Torres
    [LOWNOISE]

etat_private-president.sucks.co

Next message: Tom Czarnik: "Re: Netmanage Holes -- addendum"
Previous message: jtb: "Re: RSI.0001.05-01-98.ALL.QUAKE_SERVER"
Next in thread: Bela Lubkin: "Re: [MORE] Lynx's 2.x buffers overflows"
Reply: Bela Lubkin: "Re: [MORE] Lynx's 2.x buffers overflows"
Reply: Theo de Raadt: "Re: [MORE] Lynx's 2.x buffers overflows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:52:13 PDT