Date: Sat, 25 Oct 2008 20:27:51 +0200 From: Tomas Hoger <thoger@...hat.com> To: oss-security <oss-security@...ts.openwall.com> Cc: coley@...re.org Subject: CVE request: lynx (old) .mailcap handling flaw Hi Steven! There's one old lynx issue that seem to need a 2006 CVE id. lynx browser prior to 2.8.6rel.4 tries to open mailcap and mime type definition files form the current directory. If user can be convinced to run lynx in a specially crafted directory, an attacker controlling the directory may be able to run arbitrary code as the victim running lynx. Issue was originally reported in Debian BTS: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396949 Some details can be found in our BZ as well: https://bugzilla.redhat.com/show_bug.cgi?id=214205 Thank you! -- Tomas Hoger / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.