Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[USN-206-1] Lynx vulnerability
From: Martin Pitt <martin.pitt () canonical com>
Date: Mon, 17 Oct 2005 11:40:48 +0200

===========================================================
Ubuntu Security Notice USN-206-1           October 17, 2005
lynx vulnerability
CAN-2005-3120
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

lynx

The problem can be corrected by upgrading the affected package to
version 2.8.5-1ubuntu1.1 (for Ubuntu 4.10), 2.8.5-2ubuntu0.5.04 (for
Ubuntu 5.04), or 2.8.5-2ubuntu0.5.10 (for Ubuntu 5.10).  In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Ulf Harnhammar discovered a remote vulnerability in Lynx when
connecting to a news server (NNTP). The function that added missing
escape chararacters to article headers did not check the size of the
target buffer. Specially crafted news entries could trigger a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the user running lynx. In order to exploit this, the
user is not even required to actively visit a news site with Lynx
since a malicious HTML page could automatically redirect to an nntp://
URL with malicious news items.


Updated packages for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-1ubuntu1.1.diff.gz
      Size/MD5:    17668 c5251ad9cead60e416cf21a461371877
    http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-1ubuntu1.1.dsc
      Size/MD5:      620 4b4310912f7f76fe01cf8312707be244
    http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5.orig.tar.gz
      Size/MD5:  2984352 5f516a10596bd52c677f9bfd9579bc28

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-1ubuntu1.1_amd64.deb
      Size/MD5:  1882872 8be361fa3eead1e76cbbf2426c255c8b

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-1ubuntu1.1_i386.deb
      Size/MD5:  1833368 d481856973186dd5d432e1102c49a917

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-1ubuntu1.1_powerpc.deb
      Size/MD5:  1878484 1496a6331a4666295bd89703e509037a

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.04.diff.gz
      Size/MD5:    18015 6171994c6c8f67d84267aa69d00ba292
    http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.04.dsc
      Size/MD5:      626 08ff9f5a955222f051e4e78101ef7c40
    http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5.orig.tar.gz
      Size/MD5:  2984352 5f516a10596bd52c677f9bfd9579bc28

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.04_amd64.deb
      Size/MD5:  1881886 74bc70c3731c903e69fd74eb0a6d2d68

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.04_i386.deb
      Size/MD5:  1832038 f2e333289856566f93f19ca8fd0c5dfd

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.04_powerpc.deb
      Size/MD5:  1878380 6440d4eae5fadef31aaf21c5396ef401

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.10.diff.gz
      Size/MD5:    18015 0f7b6e508094dabd59bee9018b368523
    http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.10.dsc
      Size/MD5:      626 2a90195b05000a7f318eb04386d1ad1c
    http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5.orig.tar.gz
      Size/MD5:  2984352 5f516a10596bd52c677f9bfd9579bc28

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.10_amd64.deb
      Size/MD5:  1901120 c2e0da03f20b892aaea81d0f0588f7b1

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.10_i386.deb
      Size/MD5:  1833214 7c021c0b0667d3aedc8479579d52e5ad

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/l/lynx/lynx_2.8.5-2ubuntu0.5.10_powerpc.deb
      Size/MD5:  1881080 5ef72d193817f616e99f01113f6053dd

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [USN-206-1] Lynx vulnerability Martin Pitt (Oct 17)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault