Lynx v2.8.5dev Format String Vulnerablity

Risk: Medium
Local: No
Remote: Yes

Title: Format String Vulnerablity in Lynx Author: Larry W. Cashdollar, @_larry0 Date: 2001-12-27 CVE-ID: Download Site: Vendor: Lynx Vendor Notified: 2001-12-27 Vendor Contact: bugtraq Advisory: Description: Lynx is a text browser for the World Wide Web Vulnerability: lynx has a format string vulnerability in LYUtils.c line 7995 due to a bad call to syslog(), where the format argument is omitted. Risk: Low Version: Lynx compiled from FreeBSD ports collection. Also tested in 2.8.5dev.5.gz [larryc@harod ~ $] lynx --version Lynx Version 2.8.4rel.1 (17 Jul 2001) Built on freebsd4.4 Dec 25 2001 23:04:31 Details line 7995 in LYUtils.c reads: syslog (LOG_INFO|LOG_LOCAL5, buf); The reason this is low priority is the bug can only big triggered if sysloging URL's is enabled. (./configure --enable-syslog) Export: JSON TEXT XML Exploit Code: The following url triggers the bug: [larryc@harod ~ $] lynx Results in the following logged to syslog. Dec 25 23:11:00 vapid lynx[5160]: http://lwc-1077939384134744128:****** Fix line 7995: --syslog (LOG_INFO|LOG_LOCAL5, buf); +syslog (LOG_INFO|LOG_LOCAL5,"%s", buf);


Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018,


Back to Top