Date: Mon, 27 Oct 2008 18:38:19 +0000
From: Tavis Ormandy <taviso@....lonestar.org>
To: oss-security@...ts.openwall.com
Cc: coley@...re.org
Subject: Re: CVE request: lynx (old) .mailcap handling flaw

On Sat, Oct 25, 2008 at 08:27:51PM +0200, Tomas Hoger wrote:
> Hi Steven!
> 
> There's one old lynx issue that seems to need a 2006 CVE id.  lynx
> browser prior to 2.8.6rel.4 tries to open mailcap and mime type
> definition files from the current directory.  If a user can be convinced
> to run lynx in a specially crafted directory, an attacker controlling
> the directory may be able to run arbitrary code as the victim running
> lynx.

That reminds me, I recently noticed valgrind also does this.

$ printf -- "--db-command=/usr/bin/id\n--db-attach=yes\n" > /tmp/.valgrindrc

Etc.

Thanks, Tavis.

-- 
-------------------------------------
taviso@....lonestar.org | finger me for my gpg key.
-------------------------------------------------------
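
A pre-flight check for the pattern discussed in this thread, added here as an example (it is not code from the message, lynx or valgrind): it flags a config file in a directory that is a symlink, owned by another user, or writable by group or others, and separately reports whether the directory itself is shared. The function names are hypothetical; `.valgrindrc` is the file name from the message, and any other names are passed in by the caller.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; ".valgrindrc" is the file
# name from the message, any other names are supplied by the caller.

# True if $1 is a regular file (not a symlink), owned by the invoking user,
# and not writable by group or others.
cwd_file_trusted() {
    [ -n "$(find "$1" -prune -type f -user "$(id -u)" \
            ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# True if directory $1 is one where another user could plant a file:
# not owned by the invoking user, or writable by group or others.
dir_is_shared() {
    [ -z "$(find "$1" -prune -type d -user "$(id -u)" \
            ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# audit_cwd DIR [NAME...]
# Prints one line per file found; exit status is the number of untrusted files.
audit_cwd() {
    dir=$1; shift
    [ "$#" -gt 0 ] || set -- .valgrindrc
    bad=0
    for name in "$@"; do
        path=$dir/$name
        # -e is false for a dangling symlink, so test -L too.
        if [ -e "$path" ] || [ -L "$path" ]; then
            if cwd_file_trusted "$path"; then
                echo "ok: $path"
            else
                echo "UNTRUSTED: $path"
                bad=$((bad + 1))
            fi
        fi
    done
    return "$bad"
}
```

Source the file and call `audit_cwd .` and `dir_is_shared .` before starting a tool that reads configuration from the working directory.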
