• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Lynx NNTP Article Header Buffer Overflow Vulnerability

Bugtraq ID:	15117
Class:	Boundary Condition Error
CVE:	CVE-2005-3120 CVE-2005-3120
Remote:	Yes
Local:	No
Published:	Oct 17 2005 12:00AM
Updated:	Nov 28 2006 05:35AM
Credit:	Discovery is credited to Ulf Harnhammar.
Vulnerable:	University of Kansas Lynx 2.8.6 dev9 University of Kansas Lynx 2.8.6 dev8 University of Kansas Lynx 2.8.6 dev7 University of Kansas Lynx 2.8.6 dev6 University of Kansas Lynx 2.8.6 dev5 University of Kansas Lynx 2.8.6 dev4 University of Kansas Lynx 2.8.6 dev3 University of Kansas Lynx 2.8.6 dev2 University of Kansas Lynx 2.8.6 dev13 University of Kansas Lynx 2.8.6 dev12 University of Kansas Lynx 2.8.6 dev11 University of Kansas Lynx 2.8.6 dev10 University of Kansas Lynx 2.8.6 dev1 University of Kansas Lynx 2.8.5 dev.8 + MandrakeSoft Linux Mandrake 9.0 + MandrakeSoft Linux Mandrake 8.2 ppc + MandrakeSoft Linux Mandrake 8.2 + MandrakeSoft Linux Mandrake 8.1 ia64 + MandrakeSoft Linux Mandrake 8.1 + MandrakeSoft Linux Mandrake 8.0 ppc + MandrakeSoft Linux Mandrake 8.0 + MandrakeSoft Linux Mandrake 7.2 + MandrakeSoft Multi Network Firewall 2.0 + MandrakeSoft Single Network Firewall 7.2 University of Kansas Lynx 2.8.5 dev.5 University of Kansas Lynx 2.8.5 dev.4 University of Kansas Lynx 2.8.5 dev.3 University of Kansas Lynx 2.8.5 dev.2 University of Kansas Lynx 2.8.5 + MandrakeSoft Corporate Server 3.0 x86_64 + MandrakeSoft Corporate Server 3.0 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + MandrakeSoft Linux Mandrake 2006.0 x86_64 + MandrakeSoft Linux Mandrake 2006.0 + MandrakeSoft Linux Mandrake 10.2 x86_64 + MandrakeSoft Linux Mandrake 10.2 + MandrakeSoft Linux Mandrake 10.1 x86_64 + MandrakeSoft Linux Mandrake 10.1 + MandrakeSoft Multi Network Firewall 2.0 + Ubuntu Ubuntu Linux 5.10 powerpc + Ubuntu Ubuntu Linux 5.10 i386 + Ubuntu Ubuntu Linux 5.10 amd64 + Ubuntu Ubuntu Linux 5.0 4 powerpc + Ubuntu Ubuntu Linux 5.0 4 i386 + Ubuntu Ubuntu Linux 5.0 4 amd64 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 University of Kansas Lynx 2.8.4 rel.1 University of Kansas Lynx 2.8.4 + Caldera OpenLinux Server 3.1.1 + Caldera OpenLinux Server 3.1 + Caldera OpenLinux Workstation 3.1.1 + Caldera OpenLinux Workstation 3.1 + Conectiva Linux 8.0 + Conectiva Linux 7.0 + Debian Linux 3.0 + RedHat Linux for iSeries 7.1 + RedHat Linux for pSeries 7.1 + Sun Linux 5.0.6 + Trustix Secure Linux 1.5 + Trustix Secure Linux 1.2 + Trustix Secure Linux 1.1 University of Kansas Lynx 2.8.3 rel.1 University of Kansas Lynx 2.8.3 pre.5 University of Kansas Lynx 2.8.3 dev2x University of Kansas Lynx 2.8.3 dev.22 University of Kansas Lynx 2.8.3 + Debian Linux 2.2 University of Kansas Lynx 2.8.2 rel.1 University of Kansas Lynx 2.8.1 University of Kansas Lynx 2.8 University of Kansas Lynx 2.7 Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Secure Enterprise Linux 2.0 Slackware Linux 10.2 Slackware Linux 10.1 Slackware Linux 10.0 Slackware Linux 9.1 Slackware Linux 9.0 Slackware Linux 8.1 Slackware Linux -current SGI Advanced Linux Environment 3.0 SCO Unixware 7.1.4 SCO Unixware 7.1.3 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Professional 9.0 x86_64 S.u.S.E. Linux Professional 9.0 S.u.S.E. Linux Professional 8.2 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise Server 8 S.u.S.E. Linux Desktop 1.0 RedHat Linux 9.0 i386 RedHat Linux 7.3 i386 RedHat Fedora Core4 RedHat Fedora Core3 RedHat Fedora Core2 RedHat Fedora Core1 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux AS 2.1 RedHat Desktop 4.0 RedHat Desktop 3.0 RedHat Advanced Workstation for the Itanium Processor 2.1 IA64 OpenPKG OpenPKG 2.5 OpenPKG OpenPKG 2.4 OpenPKG OpenPKG 2.3 OpenPKG OpenPKG Current Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 ia-64 Debian Linux 3.0 ia-32 Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 alpha Debian Linux 3.0 Conectiva Linux 10.0 Avaya S8710 R2.0.1 Avaya S8710 R2.0.0 Avaya S8700 R2.0.1 Avaya S8700 R2.0.0 Avaya S8500 R2.0.1 Avaya S8500 R2.0.0 Avaya S8300 R2.0.1 Avaya S8300 R2.0.0
Not Vulnerable:	University of Kansas Lynx 2.8.6 dev14