CVE-2005-3120

Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-803.html	Vendor Advisory
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253	Vendor Advisory
http://www.debian.org/security/2005/dsa-874
http://www.debian.org/security/2005/dsa-876
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
http://secunia.com/advisories/17216
http://secunia.com/advisories/17360
http://securitytracker.com/id?1015065
http://www.securityfocus.com/bid/15117
http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt
http://secunia.com/advisories/17445
http://secunia.com/advisories/18376
http://secunia.com/advisories/17444
http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm
http://www.gentoo.org/security/en/glsa/glsa-200510-15.xml
http://www.novell.com/linux/security/advisories/2005_25_sr.html
http://secunia.com/advisories/17150
http://secunia.com/advisories/17230
http://secunia.com/advisories/17231
http://secunia.com/advisories/17238
http://secunia.com/advisories/17248
http://secunia.com/advisories/17340
http://secunia.com/advisories/17480
http://secunia.com/advisories/18584
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056
http://www.debian.org/security/2006/dsa-1085
http://secunia.com/advisories/20383
http://www.mandriva.com/security/advisories?name=MDKSA-2005:186
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9257
https://usn.ubuntu.com/206-1/
http://www.securityfocus.com/archive/1/435689/30/4740/threaded
http://www.securityfocus.com/archive/1/419763/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:university_of_kansas:lynx:2.8.4:::::::*
	cpe:2.3:a:university_of_kansas:lynx:2.8.6:::::::*
	cpe:2.3:a:university_of_kansas:lynx:2.8.6_dev13:::::::*
	cpe:2.3:a:university_of_kansas:lynx:2.8.3:::::::*

Information

Published : 2005-10-17 13:06

Updated : 2018-10-19 08:34

NVD link : CVE-2005-3120

Mitre link : CVE-2005-3120

JSON object : View

CWE

NVD-CWE-Other

Products Affected

university_of_kansas

lynx

7.5 /10