[6685] in bugtraq
Re: [MORE] Lynx's 2.x buffers overflows
daemon@ATHENA.MIT.EDU (Bela Lubkin)
Wed May 6 14:24:56 1998
Date: Wed, 6 May 1998 03:03:52 -0700
Reply-To: Bela Lubkin <belal@SCO.COM>
From: Bela Lubkin <belal@SCO.COM>
To: BUGTRAQ@NETSPACE.ORG
Efrain Torres wrote:
> Not only does Lynx have this buffer overflow in a send e-mail MAILTO. It has
> a segmentation fault in the options menu when you enter:
>
> A big E)ditor name, D)ISPLAY variable, B)ookmark file, P)ersonal mail
> address. I know this cannot be exploited remotely but can be used to
> execute arbitrary commands in a menu restricted environment. There are
> easier ways to get a shell on a menu but this is just one way of many, and
> it isn't a shell escape option, it's just another stupid bug.

I had to go back to Lynx 2.3BETA, from 1994, to duplicate this. My next
newest binary was Lynx 2.5, from early 1996, and it seems to be fine.
The source certainly intends to be handling long input correctly.

The current release version is 2.8, with 2.8.1 under development; see
http://lynx.browser.org/.

I submitted a patch to the Lynx maintenance group for the mailto: URL
overflows.

I am curious why these Lynx bugs are being reported to bugtraq, but not
to the developers of Lynx. Likewise for bugs in anything else. Please
have the courtesy to report them to the people who should be fixing
them!

>Bela<