CVE-2021-38165 – lynx: Disclosure of HTTP authentication credentials via SNI data
https://notcve.org/view.php?id=CVE-2021-38165
Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data. HTParse en Lynx versiones hasta 2.8.9, maneja inapropiadamente el subcomponente userinfo de un URI, que permite a atacantes remotos descubrir credenciales en texto sin cifrar porque pueden aparecer en los datos SNI o en los encabezados HTTP A flaw was found in the way lynx parsed URLs with userinfo part containing authentication credentials. These credentials were included in the Server Name Indication (SNI) TLS extension data and sent unencrypted during the TLS connection handshake. This could lead to exposure of authentication credentials to attackers able to eavesdrop on network connection between the lynx browser and the server. • http://www.openwall.com/lists/oss-security/2021/08/07/11 http://www.openwall.com/lists/oss-security/2021/08/07/12 http://www.openwall.com/lists/oss-security/2021/08/07/9 https://bugs.debian.org/991971 https://github.com/w3c/libwww/blob/f010b4cc58d32f34b162f0084fe093f7097a61f0/Library/src/HTParse.c#L118 https://lists.debian.org/debian-lts-announce/2021/08/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7YMUHFJJWTZ6HBHTYXVDPNZINGGURHDW • CWE-522: Insufficiently Protected Credentials •
CVE-2014-5002
https://notcve.org/view.php?id=CVE-2014-5002
The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes. El GEM de lynx versión anterior a 1.0.0 para Ruby fija la contraseña configurada en las líneas de comando, lo que permite a los usuarios locales obtener información confidencial mediante procesos de listado. • http://www.openwall.com/lists/oss-security/2014/07/07/23 http://www.openwall.com/lists/oss-security/2014/07/17/5 http://www.vapid.dhs.org/advisories/lynx-0.2.0.html https://github.com/panthomakos/lynx/issues/3 • CWE-255: Credentials Management Errors •
CVE-2006-7234 – Lynx 2.8 - '.mailcap'/'.mime.type' Local Code Execution
https://notcve.org/view.php?id=CVE-2006-7234
Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory. Vulnerabilidad de ruta de búsqueda no confiable en Lynx anterior a 2.8.6rel.4; permite a usuarios locales ejecutar código de su elección a través de los ficheros maliciosos (1) .mailcap y (2) mime.types en el directorio de trabajo actual. • https://www.exploit-db.com/exploits/32530 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396949 http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html http://secunia.com/advisories/32407 http://secunia.com/advisories/32416 http://secunia.com/advisories/33568 http://www.mandriva.com/security/advisories?name=MDVSA-2008:217 http://www.openwall.com/lists/oss-security/2008/10/25/3 http://www.redhat.com/support/errata/RHSA-2008-0965.html http://www.sec •
CVE-2008-4690 – lynx: remote arbitrary command execution via a crafted lynxcgi: URL
https://notcve.org/view.php?id=CVE-2008-4690
lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler. lynx v2.8.6dev.15 y anteriores, cuando está activado el modo avanzado y lynx está configurado como manejador de URL, permite a atacantes remotos ejecutar comandos de su elección a través de un lynxcgi: URL manipulado. Cuestión relacionada con el CVE-2005-2929. NOTA: se trata de una vulnerabilidad únicamente en algunos desarrollos que tienen definido un lynxcgi: handler. • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html http://secunia.com/advisories/32416 http://secunia.com/advisories/32967 http://secunia.com/advisories/33568 http://www.mandriva.com/security/advisories?name=MDVSA-2008:217 http://www.mandriva.com/security/advisories?name=MDVSA-2008:218 http://www.openwall.com/lists/oss-security/2008/10/09/2 http://www.redhat.com/support/errata/RHSA-2008-0965.html http://www.securitytracker.com/id?1021105 https://exchang • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2005-3120 – Lynx 2.8.6dev.13 - Remote Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2005-3120
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters. • https://www.exploit-db.com/exploits/1256 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://secunia.com/advisories/17150 http://secunia.com/advisories/17216 http://secunia.com/advisories/17230 http://secunia.com/advisories/1723 • CWE-131: Incorrect Calculation of Buffer Size •