[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Lynx-dev] Possible more elegant fix for Lynx vulnerability?

From: Naveen Albert
Subject: [Lynx-dev] Possible more elegant fix for Lynx vulnerability?
Date: Tue, 13 Oct 2020 06:49:51 -0500
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.9) Goanna/4.4 Interlink/52.9.7275a1


   I've written up a whitepaper about a vulnerability with default Lynx configurations that could allow anonymous users potentially privilege escalate and compromise a machine:

It may have been discovered before. I independently discovered it as have multiple others.It's been actively exploited in the wild before. This attack has been successfully used to completely compromise the root accounts of machines, and in one case resulted in irreversible data loss.

While it's not really a flaw with Lynx itself, but rather just poor security practices in general, as I'm sure you'll point out, I'm wondering if there's a more elegant way that this "loophole" with Lynx might get patched.

I'm sure this wasn't the intent, but Lynx is getting used this way and people's machines are getting p0wned, so it might be worth looking into - or maybe not. Just bringing this to your attention, if you feel it's worth addressing.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]