
LYNX-DEV Minor security issue with lynx...


From: Larry
Subject: LYNX-DEV Minor security issue with lynx...
Date: Wed, 16 Jul 1997 23:00:51 -0400

Good timing with the CERT announcement -- I discovered the following a few
days ago, and was wondering where to send it to...


An ISP used to offer anonymous access to lynx-2.3beta through a
password-less account. While it was locked down pretty tight (no 'g'
option, etc.) I was able to obtain a shell through the Download menu by
entering a filename of ';/bin/sh'.

The lynx-cfg lists the following:

DOWNLOADER:Use Zmodem to download to your computer:tmpfile=%s ; szfile=%s ; cp $tmpfile $szfile ; sz $szfile ; rm $szfile:TRUE


I've just installed 2.7, and I noticed the suggested code is different, so
perhaps you fixed this -- just wanted to point it out in case you weren't
aware.

--Larry
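
The failure mode reported in the message above, as an added example that is not part of the original post or of Lynx: a command template of the same shape as the quoted DOWNLOADER entry, run once with the filename pasted into the command text and once with the filename validated and passed as an argument. It assumes the second %s receives the name typed at the Download prompt, as the message implies; the function names, the echo stand-in for sz, and the sample filenames are constructed.

```shell
#!/bin/sh
# Added illustration. "sz" is replaced by echo so nothing is transferred;
# function names and sample filenames are constructed for this example.

# Same shape as the lynx.cfg entry: each %s is pasted in as shell text.
TEMPLATE='tmpfile=%s ; szfile=%s ; echo "sz $szfile"'

# Unsafe: the filename becomes part of the command string, so a ';' in it
# ends the assignment and starts a new command.
download_unsafe() {
    cmd=$(printf "$TEMPLATE" "$1" "$2")
    sh -c "$cmd"
}

# Values passed as positional parameters are data, never parsed as syntax.
pass_as_args() {
    sh -c 'tmpfile=$1 ; szfile=$2 ; echo "sz $szfile"' sh "$1" "$2"
}

# Hardened: allowlist the name first (no empty name, no leading dot, only
# letters, digits, '.', '_' and '-'), then hand it over as an argument.
download_safe() {
    case "$2" in
        ''|.*|*[!A-Za-z0-9._-]*) echo "rejected filename"; return 1 ;;
    esac
    pass_as_args "$1" "$2"
}

# Constructed inputs: one ordinary name, one carrying a shell metacharacter.
download_unsafe /tmp/L123 'report.txt'
download_unsafe /tmp/L123 ';echo INJECTED'
pass_as_args    /tmp/L123 ';echo INJECTED'
download_safe   /tmp/L123 ';echo INJECTED' || true
```

On a restricted account the allowlist and the argument passing belong together: the first keeps odd names out of cp, sz and rm, the second keeps the name out of the shell parser.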
