[6673] in bugtraq
[MORE] Lynx's 2.x buffers overflows
daemon@ATHENA.MIT.EDU (Efrain Torres - Estudiante General)
Tue May 5 16:45:39 1998
Date: Mon, 4 May 1998 11:38:12 +0500
Reply-To: Efrain Torres - Estudiante General <etorres@esap.edu.co>
From: Efrain Torres - Estudiante General <etorres@ESAP.EDU.CO>
X-To: Michal Zalewski <lcamtuf@BOSS.STASZIC.WAW.PL>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.96.980503194214.2331A-100000@genome>
h0l4,
Not only lynx have this buffer overflow in a send e-mail MAILTO. It has
segmentation fault in the options menu when u enter:
A big E)ditor name, D)ISPLAY variable, B)ookmark file , P)ersonal mail
address . I know this can not be exploited remotly but can be use to
execute arbitrary commands in a menu restricted enviroment. There are
easier ways to get a shell on a menu but this is just one way of many, and
it isnt a shell escape option its just another stupid bug.
Efrain 'ET' Torres
[LOWNOISE]
et@my.narco-president.sucks.co
