What is the severity of RHSA-2008:0965?

The severity of RHSA-2008:0965 is classified as important due to the potential for arbitrary command execution.

How do I fix RHSA-2008:0965?

To fix RHSA-2008:0965, update Lynx to versions 2.8.5-28.1.el5_2.1 or 2.8.5-18.2.el4_7.1 or later.

What is the impact of the vulnerability in RHSA-2008:0965?

The impact of the RHSA-2008:0965 vulnerability allows an attacker to execute arbitrary commands through malicious URLs.

Which software versions are affected by RHSA-2008:0965?

RHSA-2008:0965 affects Lynx versions prior to 2.8.5-28.1.el5_2.1 and 2.8.5-18.2.el4_7.1.

Can the vulnerability in RHSA-2008:0965 be exploited remotely?

Yes, the vulnerability in RHSA-2008:0965 can be exploited remotely through specially crafted web pages.

Vulnerability/
RHSA-2008:0965

27/10/2008

RHSA-2008:0965: Important: lynx security update

First published: Mon Oct 27 2008(Updated: )

Lynx is a text-based Web browser. An arbitrary command execution flaw was found in the Lynx "lynxcgi:" URI handler. An attacker could create a web page redirecting to a malicious URL that could execute arbitrary code as the user running Lynx in the non-default "Advanced" user mode. (CVE-2008-4690) Note: In these updated lynx packages, Lynx will always prompt users before loading a "lynxcgi:" URI. Additionally, the default lynx.cfg configuration file now marks all "lynxcgi:" URIs as untrusted by default. A flaw was found in a way Lynx handled ".mailcap" and ".mime.types" configuration files. Files in the browser's current working directory were opened before those in the user's home directory. A local attacker, able to convince a user to run Lynx in a directory under their control, could possibly execute arbitrary commands as the user running Lynx. (CVE-2006-7234) All users of Lynx are advised to upgrade to this updated package, which contains backported patches correcting these issues.

Affected Software	Affected Version	How to fix
redhat/lynx	<2.8.5-28.1.el5_2.1	2.8.5-28.1.el5_2.1
redhat/lynx	<2.8.5-28.1.el5_2.1	2.8.5-28.1.el5_2.1
redhat/lynx	<2.8.5-18.2.el4_7.1	2.8.5-18.2.el4_7.1
redhat/lynx	<2.8.5-18.2.el4_7.1	2.8.5-18.2.el4_7.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2008:0965?
The severity of RHSA-2008:0965 is classified as important due to the potential for arbitrary command execution.
How do I fix RHSA-2008:0965?
To fix RHSA-2008:0965, update Lynx to versions 2.8.5-28.1.el5_2.1 or 2.8.5-18.2.el4_7.1 or later.
What is the impact of the vulnerability in RHSA-2008:0965?
The impact of the RHSA-2008:0965 vulnerability allows an attacker to execute arbitrary commands through malicious URLs.
Which software versions are affected by RHSA-2008:0965?
RHSA-2008:0965 affects Lynx versions prior to 2.8.5-28.1.el5_2.1 and 2.8.5-18.2.el4_7.1.
Can the vulnerability in RHSA-2008:0965 be exploited remotely?
Yes, the vulnerability in RHSA-2008:0965 can be exploited remotely through specially crafted web pages.

agent/references
agent/severity
agent/type
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2008:0965
agent/software-canonical-lookup
agent/remedy
agent/title
agent/description
agent/event
agent/trending
agent/tags
agent/source
package-manager/redhat

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.