Package: lynx-cur
Version: 2.8.7dev1-1
Severity: grave
Tags: security
Justification: user security hole

Lynx attempts to use the .mime.types and .mailcap files located in the
current directory:

$ strace lynx -dump 2>&1 | grep '^open("[^/]'
open(".mailcap", O_RDONLY) = -1 ENOENT (No such file or directory)
open(".mime.types", O_RDONLY) = -1 ENOENT (No such file or directory)
$

This allows an attacker to cause lynx to execute arbitrary shell code when a
user runs lynx while visiting a directory with attacker-provided contents.

-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (x86_64)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.18
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Versions of packages lynx-cur depends on:
ii debconf [debconf-2.0] 1.5.8 Debian configuration management sy
ii libc6 2.3.6.ds1-4 GNU C Library: Shared libraries
ii libgnutls13 1.4.4-1 the GNU TLS library - runtime libr
ii libncursesw5 5.5-5 Shared libraries for terminal hand
ii zlib1g 1:1.2.3-13 compression library - runtime
Versions of packages lynx-cur recommends:
ii mime-support 3.37-1 MIME files 'mime.types' & 'mailcap
-- debconf information:
* lynx-cur/defaulturl: http://www.google.pl/
lynx-cur/etc_lynx.cfg:
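
The strace check in the report above can be turned into a reusable audit for any program. This is an added example, not part of the original report or of lynx: it goes beyond the report's grep by also covering openat(AT_FDCWD, ...) and access(), which newer strace output typically shows, and the function name and sample trace are constructed for illustration.

```python
import re

# Matches open/openat/access lines as strace prints them, with an optional
# "[pid N]" or bare-pid prefix (strace -f). Hypothetical helper, not from lynx.
_CALL = re.compile(
    r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?'
    r'(?P<call>open|openat|access)\('
    r'(?:(?P<dirfd>[A-Z_]+|\d+),\s*)?'
    r'"(?P<path>(?:[^"\\]|\\.)*)"'
    r'.*\)\s+=\s+(?P<ret>-?\d+)(?:\s+(?P<errno>E[A-Z]+))?'
)

def relative_path_probes(strace_lines):
    """Return (syscall, path, outcome) for every lookup resolved against
    the current working directory. A failed lookup (ENOENT) is still a
    finding: the program would have used the file had it been present."""
    hits = []
    for line in strace_lines:
        m = _CALL.match(line.strip())
        if not m:
            continue
        # openat() is only CWD-relative when its dirfd is AT_FDCWD.
        if m["call"] == "openat" and m["dirfd"] != "AT_FDCWD":
            continue
        path = m["path"]
        if not path or path.startswith("/"):
            continue
        outcome = "ok" if int(m["ret"]) >= 0 else (m["errno"] or "error")
        hits.append((m["call"], path, outcome))
    return hits

# Constructed sample trace: the two lines from the report plus
# constructed lines exercising the other cases.
SAMPLE = """\
open("/etc/ld.so.cache", O_RDONLY) = 3
open(".mailcap", O_RDONLY) = -1 ENOENT (No such file or directory)
open(".mime.types", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/mime.types", O_RDONLY|O_CLOEXEC) = 4
[pid  4242] openat(AT_FDCWD, "app.conf", O_RDONLY) = 5
openat(7, "entry", O_RDONLY) = 8
"""

if __name__ == "__main__":
    for call, path, outcome in relative_path_probes(SAMPLE.splitlines()):
        print(f"{call:7} {path:15} {outcome}")
```

Run the program under strace from an empty scratch directory and feed the trace to this function; any hit for a configuration file name is a lookup that depends on where the user happened to start the program.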