CVE-2005-2929
First published: Fri Nov 18 2005(Updated: )
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lynx | =2.8.6 | |
| Lynx | =2.8.6_dev13 | |
| Lynx | =2.8.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.idefense.com/application/poi/display?id=338&type=vulnerabilities
- http://www.gentoo.org/security/en/glsa/glsa-200511-09.xml
- http://www.securityfocus.com/bid/15395
- http://securitytracker.com/id?1015195
- http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html
- http://secunia.com/advisories/18051
- http://secunia.com/advisories/17372
- http://secunia.com/advisories/17512
- http://secunia.com/advisories/17546
- http://secunia.com/advisories/17556
- http://secunia.com/advisories/17576
- http://secunia.com/advisories/17666
- http://secunia.com/advisories/17757
- http://secunia.com/advisories/18376
- http://www.redhat.com/support/errata/RHSA-2005-839.html
- http://support.avaya.com/elmodocs2/security/ASA-2006-035.htm
- http://secunia.com/advisories/18659
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:211
- http://securityreason.com/securityalert/173
- http://www.vupen.com/english/advisories/2005/2394
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23119
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9712
- http://www.securityfocus.com/archive/1/419763/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2005-2929?
CVE-2005-2929 has a moderate severity rating due to its potential for remote exploitation.
How do I fix CVE-2005-2929?
To fix CVE-2005-2929, upgrade Lynx to version 2.8.6 or later where the issue has been addressed.
What versions are affected by CVE-2005-2929?
CVE-2005-2929 affects Lynx versions prior to 2.8.6, specifically 2.8.5 and 2.8.6_dev13.
Can CVE-2005-2929 be exploited remotely?
Yes, CVE-2005-2929 can be exploited by remote attackers due to improper restrictions in certain link types.
What specific links are associated with CVE-2005-2929?
The links associated with CVE-2005-2929 include lynxcgi:, lynxexec, and lynxprog, which allow command execution.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/remedy
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- vendor/university of kansas
- product/lynx
- canonical/university of kansas lynx
- agent/software-canonical-lookup-request
- collector/nvd-index
- canonical/lynx
- version/lynx/2.8.6
- version/lynx/2.8.6_dev13
- version/lynx/2.8.5