ID |
CVE-2005-3120
|
Summary |
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters. |
References |
|
Vulnerable Configurations |
- cpe:2.3:a:university_of_kansas:lynx:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:university_of_kansas:lynx:2.8.6_dev13:*:*:*:*:*:*:*
|
CVSS |
Base: | 7.5 (as of 19-10-2018 - 15:34) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK | LOW | NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL | PARTIAL | PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
oval
via4
|
accepted | 2013-04-29T04:18:36.892-04:00 |
class | vulnerability |
contributors |
- name | Aharon Chernin | organization | SCAP.com, LLC |
- name | Dragos Prisaca | organization | G2, Inc. |
definition_extensions |
- comment | The operating system installed on the system is Red Hat Enterprise Linux 3 | oval | oval:org.mitre.oval:def:11782 |
- comment | CentOS Linux 3.x | oval | oval:org.mitre.oval:def:16651 |
- comment | The operating system installed on the system is Red Hat Enterprise Linux 4 | oval | oval:org.mitre.oval:def:11831 |
- comment | CentOS Linux 4.x | oval | oval:org.mitre.oval:def:16636 |
- comment | Oracle Linux 4.x | oval | oval:org.mitre.oval:def:15990 |
description | Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters. |
family | unix |
id | oval:org.mitre.oval:def:9257 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters. |
version | 29 |
|
redhat
via4
|
advisories | |
rpms |
- lynx-0:2.8.5-11.1
- lynx-0:2.8.5-18.1
- lynx-debuginfo-0:2.8.5-11.1
- lynx-debuginfo-0:2.8.5-18.1
|
|
refmap
via4
|
bid | 15117 |
bugtraq | 20060602 Re: [SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities |
confirm | http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm |
debian | |
fedora | FLSA:152832 |
fulldisc | 20051017 Lynx Remote Buffer Overflow |
gentoo | GLSA-200510-15 |
mandriva | MDKSA-2005:186 |
misc | https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253 |
openpkg | OpenPKG-SA-2005.026 |
sco |
- SCOSA-2005.47
- SCOSA-2006.7
sectrack | 1015065 |
secunia |
- 17150
- 17216
- 17230
- 17231
- 17238
- 17248
- 17340
- 17360
- 17444
- 17445
- 17480
- 18376
- 18584
- 20383
slackware | SSA:2005-310-03 |
suse | SUSE-SR:2005:025 |
trustix | TSLSA-2005-0059 |
ubuntu | USN-206-1 |
|
statements
via4
|
contributor | Mark J Cox |
lastmodified | 2007-03-14 |
organization | Red Hat |
statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
|
Last major update |
19-10-2018 - 15:34 |
Published |
17-10-2005 - 20:06 |
Last modified |
19-10-2018 - 15:34 |