Efrain Torres wrote: > Not only lynx have this buffer overflow in a send e-mail MAILTO. It has > segmentation fault in the options menu when u enter: > > A big E)ditor name, D)ISPLAY variable, B)ookmark file , P)ersonal mail > address . I know this can not be exploited remotly but can be use to > execute arbitrary commands in a menu restricted enviroment. There are > easier ways to get a shell on a menu but this is just one way of many, and > it isnt a shell escape option its just another stupid bug. I had to go back to Lynx 2.3BETA, from 1994, to duplicate this. My next newest binary was Lynx 2.5, from early 1996, and it seems to be fine. The source certainly intends to be handling long input correctly. The current release version is 2.8, with 2.8.1 under development; see http://lynx.browser.org/. I submitted a patch to the Lynx maintenance group for the mailto: URL overflows. I am curious why these Lynx bugs are being reported to bugtraq, but not to the developers of Lynx. Likewise for bugs in anything else. Please have the courtesy to report them to the people who should be fixing them! >Bela<
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:52:33 PDT