PT-2008-1065 · Centos+3
Published: 2008-10-22 · Updated: 2024-06-15
CVE-2008-4690
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
lynx versions 2.8.4 through 2.8.5
lynx version 2.8.6dev.15 and earlier
Description
The issue affects the lynx package in various operating systems, including Red Hat Enterprise Linux and CentOS, allowing remote attackers to exploit multiple vulnerabilities. These vulnerabilities can lead to a breach of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely. In specific configurations where lynx is set up as a URL handler and advanced mode is enabled, attackers can execute arbitrary commands via a crafted lynxcgi: URL.
Recommendations
For lynx versions 2.8.4 through 2.8.5, consider updating to a version later than 2.8.5 to mitigate the risk.
For lynx version 2.8.6dev.15 and earlier, as a temporary workaround, consider disabling the advanced mode or removing the lynxcgi: handler configuration until a patch is available.
Restrict access to the lynx package to minimize the risk of exploitation.
Fix
Related Identifiers
Affected Products
Alt Linux
Centos
Red Hat
Lynx