Debian DSA-1085-1 : lynx-cur - several vulnerabilities

high Nessus Plugin ID 22627

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in lynx, the popular text-mode WWW browser. The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities:

- CVE-2004-1617: Michal Zalewski discovered that lynx cannot handle invalid HTML that includes a TEXTAREA tag with a large COLS value and a large tag name in an element that is not terminated, and loops forever trying to render the broken HTML.

- CVE-2005-3120: Ulf Harnhammar discovered a buffer overflow that can be remotely exploited. During the handling of Asian characters when connecting to an NNTP server, lynx can be tricked into writing past the boundary of a buffer, which can lead to the execution of arbitrary code.

Solution

Upgrade the lynx-cur package.

For the old stable distribution (woody) these problems have been fixed in version 2.8.5-2.5woody1.

For the stable distribution (sarge) these problems have been fixed in version 2.8.6-9sarge1.

See Also

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=296340

https://security-tracker.debian.org/tracker/CVE-2004-1617

https://security-tracker.debian.org/tracker/CVE-2005-3120

http://www.debian.org/security/2006/dsa-1085

Plugin Details

Severity: High

ID: 22627

File Name: debian_DSA-1085.nasl

Version: 1.20

Type: local

Agent: unix

Published: 10/14/2006

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:3.0, cpe:/o:debian:debian_linux:3.1, p-cpe:/a:debian:debian_linux:lynx-cur

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/1/2006

Vulnerability Publication Date: 10/18/2004

Reference Information

CVE: CVE-2004-1617, CVE-2005-3120

BID: 11443

CWE: 20

DSA: 1085