Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 25 Oct 2008 20:27:51 +0200
From: Tomas Hoger <>
To: oss-security <>
Subject: CVE request: lynx (old) .mailcap handling flaw

Hi Steven!

There's one old lynx issue that seem to need a 2006 CVE id.  lynx
browser prior to 2.8.6rel.4 tries to open mailcap and mime type
definition files form the current directory.  If user can be convinced
to run lynx in a specially crafted directory, an attacker controlling
the directory may be able to run arbitrary code as the victim running

Issue was originally reported in Debian BTS:

Some details can be found in our BZ as well:

Thank you!

Tomas Hoger / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ