CVE-2005-3120

Published: 17/10/2005 Updated: 02/02/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and previous versions allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.

Vulnerable Product

invisible-island lynx

debian debian linux 3.1

debian debian linux 3.0

Vendor Advisories

Synopsis: lynx security update. Type/Severity: Security Advisory: Critical. Topic: An updated lynx package that corrects a security flaw is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Description: Lynx is a text-based Web brows ...
Ulf Harnhammar discovered a remote vulnerability in Lynx when connecting to a news server (NNTP). The function that added missing escape characters to article headers did not check the size of the target buffer. Specially crafted news entries could trigger a buffer overflow, which could be exploited to execute arbitrary code with the privileges o ...
Ulf Härnhammar discovered a buffer overflow in lynx, a text-mode browser for the WWW, that can be remotely exploited. During the handling of Asian characters when connecting to an NNTP server, lynx can be tricked to write past the boundary of a buffer, which can lead to the execution of arbitrary code. For the old stable distribution (woody) this pro ...
Several vulnerabilities have been discovered in lynx, the popular text-mode WWW browser. The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities: CVE-2004-1617: Michal Zalewski discovered that lynx is not able to grok invalid HTML including a TEXTAREA tag with a large COLS value and a large tag name in ...

Exploits

    #!/usr/bin/perl --

    # lynx-nntp-server
    # by Ulf Harnhammar in 2005
    # I hereby place this program in the public domain

    use strict;
    use IO::Socket;

    $main::port = 119;
    $main::timeout = 5;

    # *** SUBROUTINES ***

    sub mysend($$)
    {
      my $file = shift;
      my $str = shift;

      print $file "$str\n";
      print "SENT: $str\n";
    } # sub mysend

    sub myreceive($)
    {
      my $fi ...

References

CWE-131
http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html
http://www.redhat.com/support/errata/RHSA-2005-803.html
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253
http://www.debian.org/security/2005/dsa-874
http://www.debian.org/security/2005/dsa-876
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
http://secunia.com/advisories/17216
http://secunia.com/advisories/17360
http://securitytracker.com/id?1015065
http://www.securityfocus.com/bid/15117
http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt
http://secunia.com/advisories/17445
http://secunia.com/advisories/18376
http://secunia.com/advisories/17444
http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm
http://www.gentoo.org/security/en/glsa/glsa-200510-15.xml
http://www.novell.com/linux/security/advisories/2005_25_sr.html
http://secunia.com/advisories/17150
http://secunia.com/advisories/17230
http://secunia.com/advisories/17231
http://secunia.com/advisories/17238
http://secunia.com/advisories/17248
http://secunia.com/advisories/17340
http://secunia.com/advisories/17480
http://secunia.com/advisories/18584
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056
http://www.debian.org/security/2006/dsa-1085
http://secunia.com/advisories/20383
http://www.mandriva.com/security/advisories?name=MDKSA-2005:186
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9257
https://usn.ubuntu.com/206-1/
http://www.securityfocus.com/archive/1/435689/30/4740/threaded
http://www.securityfocus.com/archive/1/419763/100/0/threaded
https://access.redhat.com/errata/RHSA-2005:803
https://nvd.nist.gov
https://www.exploit-db.com/exploits/1256/