File: 100000172.txt

snort 2.7.0-20.4
Rule: 

--
Sid: 
100000172

-- 
Summary: 
This event is generated when an attempt is made to exploit a known 
vulnerability in the Lynx text-based web browser.

-- 
Impact: 
Code execution on the victim machine with the privileges of the user running 
Lynx.

--
Detailed Information:
A vulnerability exists in the way that Lynx handles links when browsing NNTP 
resources. The function that handles the display of information from article 
headers when listing available files on the server inserts extra characters to 
handle certain character sets. This function does not properly check how much 
extra data is inserted, so it is possible to overflow a static buffer and 
execute code in the context of the browser process.
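
Added example, not Lynx source and not part of the original rule documentation: a bounded copy that accounts for inserted characters, next to the length-only guard that misses them. The two-byte marker, the 32-byte buffer and all function names are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define HDR_BUF 32 /* assumed capacity of the fixed display buffer */

/* Assumed expansion rule: a byte with the high bit set is preceded by a
 * two-byte marker, so one input byte can occupy three output bytes. */
static size_t expanded_len(unsigned char c) { return (c & 0x80) ? 3 : 1; }

/* The insufficient guard: compares only the input length to the buffer. */
int length_only_check(const char *src, size_t dstsz)
{
    return strlen(src) < dstsz;
}

/* Copies src into dst with expansion. Returns bytes written (without the
 * NUL), or -1 if the expanded text does not fit; dst is then emptied. */
long expand_header(const char *src, char *dst, size_t dstsz)
{
    size_t used = 0;
    if (dstsz == 0)
        return -1;
    for (const unsigned char *p = (const unsigned char *)src; *p; p++) {
        size_t need = expanded_len(*p);
        /* Bound the expanded size against the space actually left. */
        if (need > dstsz - 1 - used) {
            dst[0] = '\0';
            return -1;
        }
        if (need == 3) {
            dst[used++] = '\x1b';
            dst[used++] = '$';
        }
        dst[used++] = (char)*p;
    }
    dst[used] = '\0';
    return (long)used;
}

int main(void)
{
    char in[13], out[HDR_BUF];
    memset(in, 0xE3, 12); /* constructed input: 12 high-bit bytes */
    in[12] = '\0';
    printf("length-only check passes: %d\n", length_only_check(in, sizeof out));
    printf("expand_header returns: %ld\n", expand_header(in, out, sizeof out));
    return 0;
}
```

The 12-byte constructed input passes the length-only check but needs 36 bytes after expansion, so the bounded copy rejects it instead of writing past the buffer.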

--
Affected Systems:
Lynx versions 2.8.6 and prior

--
Attack Scenarios: 
An attacker would need to supply a malicious link on an NNTP server to a user 
running Lynx.

-- 
Ease of Attack: 
Simple.

-- 
False Positives:
None Known.

--
False Negatives:
None Known.

-- 
Corrective Action: 
Apply the appropriate patch.

Upgrade to the latest non-affected version of the software.

--
Contributors:
Original Rule writer rmkml <rmkml@free.fr>
Sourcefire Vulnerability Research Team
Alex Kirk <akirk@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

-- 
Additional References:

Original advisory posting:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html

--