Lynx URI Handlers Arbitrary Command Execution Vulnerability

Bugtraq ID: 15395
Class: Input Validation Error
CVE: CVE-2008-4690
CVE-2005-2929
Remote: Yes
Local: No
Published: Nov 11 2005 12:00AM
Updated: Sep 14 2009 06:11PM
Credit: vade79 is credited with the discovery of this vulnerability.
Vulnerable: University of Kansas Lynx 2.8.6 dev9
University of Kansas Lynx 2.8.6 dev8
University of Kansas Lynx 2.8.6 dev7
University of Kansas Lynx 2.8.6 dev6
University of Kansas Lynx 2.8.6 dev5
University of Kansas Lynx 2.8.6 dev4
University of Kansas Lynx 2.8.6 dev3
University of Kansas Lynx 2.8.6 dev2
University of Kansas Lynx 2.8.6 dev14
University of Kansas Lynx 2.8.6 dev13
University of Kansas Lynx 2.8.6 dev12
University of Kansas Lynx 2.8.6 dev11
University of Kansas Lynx 2.8.6 dev10
University of Kansas Lynx 2.8.6 dev1
University of Kansas Lynx 2.8.5 dev.8
+ MandrakeSoft Multi Network Firewall 2.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
University of Kansas Lynx 2.8.5 dev.5
University of Kansas Lynx 2.8.5 dev.4
University of Kansas Lynx 2.8.5 dev.3
University of Kansas Lynx 2.8.5 dev.2
University of Kansas Lynx 2.8.5
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 2006.0 x86_64
+ Mandriva Linux Mandrake 2006.0
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Ubuntu Ubuntu Linux 5.10 powerpc
+ Ubuntu Ubuntu Linux 5.10 i386
+ Ubuntu Ubuntu Linux 5.10 amd64
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
University of Kansas Lynx 2.8.4 rel.1
University of Kansas Lynx 2.8.4
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Debian Linux 3.0
+ RedHat Linux for iSeries 7.1
+ RedHat Linux for pSeries 7.1
+ Sun Linux 5.0.6
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
University of Kansas Lynx 2.8.3 rel.1
University of Kansas Lynx 2.8.3 pre.5
University of Kansas Lynx 2.8.3 dev2x
University of Kansas Lynx 2.8.3 dev.22
University of Kansas Lynx 2.8.3
+ Debian Linux 2.2
University of Kansas Lynx 2.8.2 rel.1
University of Kansas Lynx 2.8.1
University of Kansas Lynx 2.8
University of Kansas Lynx 2.7
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
SuSE SUSE Linux Enterprise SDK 9
SuSE SUSE Linux Enterprise SDK 10 SP2
SGI ProPack 3.0 SP6
SCO Unixware 7.1.4
SCO Unixware 7.1.3
S.u.S.E. Novell Linux Desktop 9.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Fedora 9
Red Hat Fedora 8
Red Hat Enterprise Linux Desktop 5 client
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Red Hat Enterprise Linux 5 Server
OpenPKG OpenPKG 2.5
OpenPKG OpenPKG 2.4
OpenPKG OpenPKG 2.3
OpenPKG OpenPKG Current
Mandriva Linux Mandrake 2009.0 x86_64
Mandriva Linux Mandrake 2009.0
Mandriva Linux Mandrake 2008.1 x86_64
Mandriva Linux Mandrake 2008.1
Mandriva Linux Mandrake 2008.0 x86_64
Mandriva Linux Mandrake 2008.0
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
Gentoo Linux
Conectiva Linux 10.0
Avaya Intuity Audix R5 0
Not Vulnerable: University of Kansas Lynx 2.8.6 dev15


 

Privacy Statement
Copyright 2010, SecurityFocus