lynx-dev [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock /

lynx-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

lynx-dev [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock /

From:	Marc Heuse
Subject:	lynx-dev [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x (fwd)
Date:	Wed, 1 Sep 1999 23:13:01 +0200 (MEST)

Hi,

this vulnerability was found some weeks ago ... when ( - if - ) will be an
security update available? thanks for your time.

------------------
lynx and telnet://
------------------

Compromise: remote messing with files, maybe more?

Lynx has a problem coming from calling external programs to handle
protocols like telnet://. Example: attempt of viewing 'telnet://-n.rhosts'
URL will result in empty, new and shiny .rhosts file. Unfortunately, as
telnet client has session logging off by default, no idea how to put
something there?


Greets,
        Marc
--
   Marc Heuse, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
   address@hidden: address@hidden  Function: Security Support & Auditing
   "lynx -source http://www.suse.de/~marc/marc.pgp | pgp -fka"
Key fingerprint = B5 07 B6 4E 9C EF 27 EE  16 D9 70 D4 87 B5 63 6C

[Prev in Thread]

Current Thread

[Next in Thread]

lynx-dev [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x (fwd), Marc Heuse <=
- Re: lynx-dev [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x (fwd), Klaus Weide, 1999/09/02

Prev by Date: lynx-dev Re: bug #25947, $http_proxy + /etc/lynx.cfg http_proxy
Next by Date: Re: lynx-dev [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x (fwd)
Previous by thread: lynx-dev Re: bug #25947, $http_proxy + /etc/lynx.cfg http_proxy
Next by thread: Re: lynx-dev [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x (fwd)
Index(es):
- Date
- Thread