Home page logo

bugtraq logo Bugtraq mailing list archives

Re: [MORE] Lynx's 2.x buffers overflows
From: belal () SCO COM (Bela Lubkin)
Date: Wed, 6 May 1998 03:03:52 -0700

Efrain Torres wrote:

Not only lynx have this buffer overflow in a send e-mail MAILTO. It has
segmentation fault in the options menu when u enter:

A big E)ditor name, D)ISPLAY variable, B)ookmark file , P)ersonal mail
address  . I know this can not be exploited remotly but can be use to
execute arbitrary commands in a menu restricted enviroment. There are
easier ways to get a shell on a menu but this is just one way of many, and
it isnt a shell escape option its just  another stupid bug.

I had to go back to Lynx 2.3BETA, from 1994, to duplicate this.  My next
newest binary was Lynx 2.5, from early 1996, and it seems to be fine.
The source certainly intends to be handling long input correctly.

The current release version is 2.8, with 2.8.1 under development; see

I submitted a patch to the Lynx maintenance group for the mailto: URL

I am curious why these Lynx bugs are being reported to bugtraq, but not
to the developers of Lynx.  Likewise for bugs in anything else.  Please
have the courtesy to report them to the people who should be fixing


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]