[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] RE: FW: iDEFENSE Security Advisory [IDEF1089] Multiple Ve

From: Stef Caunter
Subject: Re: [Lynx-dev] RE: FW: iDEFENSE Security Advisory [IDEF1089] Multiple Vendor Lynx Command Injection Vulnerability
Date: Fri, 28 Oct 2005 16:30:54 -0400 (EDT)

Any of this related to this thread? I see some Oct 17 2005 reports with the same name (we didn't get anything on the list), but nothing since.


From address@hidden Sun Sep 25 10:53:30 2005
Date: Sun, 25 Sep 2005 14:25:08 +0200
From: Ulf Harnhammar <address@hidden>
To: address@hidden
Subject: Re: [Lynx-dev] 3xcrash: NULL dereferencing and buffer overflows

On Sun, Sep 25, 2005 at 02:45:32AM +0200, Ulf Harnhammar wrote:
> 1) NULL dereferencing crash with unexpected data from Gopher server
> > I have attached a fake Gopher server,, that
> illustrates this issue. Run it, connect to it with lynx (lynx
> gopher://fake.server), select the Search menu item, press s, search
> for something.. notice how lynx crashes.

It also crashes if you go directly to a URL like
"gopher://fake.server/2a?b";, for example by selecting a link in an
HTML document.

// Ulf

reply via email to

[Prev in Thread] Current Thread [Next in Thread]