lynx-dev Re: Netscape 4.7 argument bug

lynx-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

lynx-dev Re: Netscape 4.7 argument bug

From:	Mixter
Subject:	lynx-dev Re: Netscape 4.7 argument bug
Date:	Sat, 8 Jan 2000 14:48:04 +0100 (CET)

It seems that the netscape problem found by darkspyrit (oversized
arguments to CGI's via GET) might also be a vulnerability issue in
other browser software. For fun, I tried accessing the sample exploit
page at http://www.beavuh.org/nscape.htm
with lynx, and nothing happened, but when I tried saving the page
(default key 'p') to disk, it got a segv..
this happened using version 2.8.1pre.9

Here is a backtrace from the lynx core file:
(gdb) bt
#0  0x1ad811 in __kill ()
#1  0x1ad63f in raise (sig=6) at ../sysdeps/posix/raise.c:27
#2  0x1ae84f in abort () at ../sysdeps/generic/abort.c:83
#3  0x80602e8 in _start ()
#4  0xc0de0001 in ?? ()

________________________
address@hidden
http://1337.tsx.org
mkdir -p `perl -e 'printf "a/" x 1000'`

[Prev in Thread]

Current Thread

[Next in Thread]

lynx-dev Re: Netscape 4.7 argument bug, Mixter <=
- Re: lynx-dev Re: Netscape 4.7 argument bug, Philip Webb, 2000/01/08
- Re: lynx-dev Re: Netscape 4.7 argument bug, T.E.Dickey, 2000/01/08

Prev by Date: Re: lynx-dev dev.18 patch: USE_PRETTYSRC, lynx.cfg
Next by Date: lynx-dev Assuming .Z in Lynx 2.8.2rel.1
Previous by thread: lynx-dev dev.18 patch: USE_PRETTYSRC, lynx.cfg
Next by thread: Re: lynx-dev Re: Netscape 4.7 argument bug
Index(es):
- Date
- Thread