Lynx < 2.8.6 dev14 NNTP Headers Buffer Overflow

medium Log Correlation Engine Plugin ID 800974

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is using Lynx as a web browser. This version of Lynx is vulnerable to a buffer overflow when processing malformed NNTP headers. An attacker exploiting this flaw would need to be able to convince the local Lynx user to browse a malicious NNTP server. Successful exploitation will result in the attacker running arbitrary code on the local system.

Solution

Upgrade to version 2.8.6 dev14 or higher.

See Also

lynx.browser.org

Plugin Details

Severity: Medium

ID: 800974

Family: Web Clients

Reference Information

CVE: CVE-2004-1617, CVE-2005-2665, CVE-2005-3120

BID: 15117, 11443