PT-2008-1064 · Lynx+2 · Lynx+2

Lubomir Kundrak · Published 2008-10-27 · Updated 2024-06-15 · CVE-2006-7234

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Lynx versions prior to 2.8.6rel.4
Lynx version 2.8.4
Lynx version 2.8.5

Description

The issue allows local users to execute arbitrary code via malicious files in the current working directory, specifically (1) .mailcap and (2) mime.types files. Exploitation of the vulnerabilities can lead to disruption of confidentiality, integrity, and availability of protected information and can be carried out remotely.

Recommendations

For Lynx versions prior to 2.8.6rel.4, update to version 2.8.6rel.4 or later. For Lynx version 2.8.4, update to a version later than 2.8.4. For Lynx version 2.8.5, update to a version later than 2.8.5. As a temporary workaround, consider restricting access to the current working directory to minimize the risk of exploitation.

Exploit

Fix


Related Identifiers

ALT-PU-2018-1970
BDU:2015-06413
BDU:2015-06414
BDU:2015-08355
BDU:2015-08356
CVE-2006-7234
OPENSUSE-SU-2024:11033-1
RHSA-2008:0965
RHSA-2008_0965

Affected Products

Alt Linux
Lynx
Red Hat