CVE-2005-2929
Published 2005-11-18
Priority: P3 · 42 · high · CVSS 2.0: 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 4.92% (91.0th percentile)
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.
Affected (11 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | lynx | — | — |
| lynx | lynx | <= 2.8.6 | — |
| lynx | lynx | — | — |
| lynx | lynx | — | — |
| lynx | lynx | — | — |
| lynx | lynx | — | — |
| lynx | lynx | — | — |
| lynx | lynx | — | — |
| university_of_kansas | lynx | — | — |
| university_of_kansas | lynx | — | — |
| university_of_kansas | lynx | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_debian | — | 7.5 | LOW | — |
| vendor_redhat | — | 7.5 | HIGH | — |
Red Hat
CVE-2008-4690 [HIGH] CWE-78 lynx: remote arbitrary command execution via a crafted lynxcgi: URL
vendor_redhat · 2008-10-09 · CVSS 7.5
lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.
Debian
CVE-2008-4690 [HIGH] lynx
vendor_debian · 2008 · CVSS 7.5
lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Red Hat
CVE-2005-2929 [HIGH] lynx arbitrary command execution
vendor_redhat · 2005-11-11 · CVSS 7.5
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Debian
CVE-2005-2929 [HIGH] lynx
vendor_debian · 2005 · CVSS 7.5
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
CVE-2008-4690 [HIGH] GHSA-wjrg-f7gg-3p35: lynx 2
ghsa_unreviewed · 2022-05-17 · CVSS 7.5
lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.
GHSA
CVE-2005-2929 [HIGH] GHSA-f56f-988c-jq3p: Lynx 2
ghsa_unreviewed · 2022-05-03
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2008-4690 [HIGH] lynx: remote arbitrary command execution via a crafted lynxcgi: URL
bugzilla · 2008-10-23 · CVSS 7.5
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4690 to
the following vulnerability:
lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx
is configured as a URL handler, allows remote attackers to execute
arbitrary commands via a crafted lynxcgi: URL, a related issue to
CVE-2005-2929. NOTE: this might only be a vulnerability in limited
deployments that have defined a lynxcgi: handler.
Affected Lynx versions: 2.8.6dev.15 and earlier
References:
http://www.openwall.com/lists/oss-security/2008/10/09/2
Discussion:
The versions of Lynx currently shipped in Red Hat Enterprise Linux 2.1, 3, 4 and 5, and Fedora 8 and 9 have original patch for CVE-2005-2929 applied. Their cur
Bugzilla
CVE-2005-2929 [HIGH] lynx arbitrary command execution
bugzilla · 2005-11-11 · CVSS 7.5
It is possible for a remote attacker to execute arbitrary commands as
the user running lynx by using specially crafted lynxcgi: URL.
http://marc.theaimsgroup.com/?l=full-disclosure&m=113172754719215&w=2
This issue also affects RHEL3
This issue also affects RHEL2.1
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2005-839.html
Bugzilla
CVE-2005-2929 [HIGH] lynx arbitrary command execution
bugzilla · 2005-11-11 · CVSS 7.5
It is possible for a remote attacker to execute arbitrary commands as
the user running lynx by using specially crafted lynxcgi: URL.
http://marc.theaimsgroup.com/?l=full-disclosure&m=113172754719215&w=2
This issue also affects FC3
Discussion:
From User-Agent: XML-RPC
lynx-2.8.5-23.2 has been pushed for FC4, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
Bugzilla
CVE-2005-2929 [HIGH] Lynx issues (CVE-2005-2929 and CVE-2005-3120)
bugzilla · 2004-10-29 · CVSS 7.5
04.42.20 CVE: Not Available
Platform: Cross Platform
Title: Lynx Malformed HTML Infinite Loop Denial of Service
Description: The Lynx web browser is vulnerable to a denial of service
condition while handling certain malformed HTML pages. This issue
sends the software into an infinite loop, consuming CPU resources for
the system.
Ref: http://www.securityfocus.com/archive/1/378632
------- Additional Comments From [email protected] 2004-12-08 10:23:17 ----
backtrace:
#0 0x4207a7eb in chunk_alloc () from /lib/i686/libc.so.6
#1 0x4207a158 in malloc () from /lib/i686/libc.so.6
#2 0x08057c22 in mem_is_avail ()
#3 0x08057c6d in LY_check_calloc ()
#4 0x0805a208 in split_line ()
#5 0x0805c46d in HText_appendCharacter ()
#6 0x0809d9a5 in HTML_put_chara