FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-3120

This CVE name corresponds to:

Entered Topic
2005-10-30 lynx -- remote buffer overflow

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2005-3120
Phase Assigned (20051003)

Description

Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.

References

Source Reference
BUGTRAQ 20060602 Re: [SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities
FULLDISC 20051017 Lynx Remote Buffer Overflow
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm
DEBIAN DSA-874
DEBIAN DSA-876
DEBIAN DSA-1085
FEDORA FLSA:152832
GENTOO GLSA-200510-15
MANDRIVA MDKSA-2005:186
OPENPKG OpenPKG-SA-2005.026
REDHAT RHSA-2005:803
SCO SCOSA-2005.47
SCO SCOSA-2006.7
SLACKWARE SSA:2005-310-03
SUSE SUSE-SR:2005:025
TRUSTIX TSLSA-2005-0059
UBUNTU USN-206-1
MISC https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253
BID 15117
OVAL oval:org.mitre.oval:def:9257
SECTRACK 1015065
SECUNIA 17216
SECUNIA 17360
SECUNIA 17445
SECUNIA 18376
SECUNIA 17444
SECUNIA 17150
SECUNIA 17230
SECUNIA 17231
SECUNIA 17238
SECUNIA 17248
SECUNIA 17340
SECUNIA 17480
SECUNIA 18584
SECUNIA 20383