lynx-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Re: Netscape 4.7 argument bug

From: Philip Webb
Subject: Re: lynx-dev Re: Netscape 4.7 argument bug
Date: Sat, 8 Jan 2000 13:45:01 -0500 
000108 Mixter wrote:
> It seems the netscape problem found by darkspyrit -- oversized arguments
> to CGI's via GET -- might be a vulnerability issue in other browsers.
> I tried accessing the sample exploit page  http://www.beavuh.org/nscape.htm
> with Lynx 2-8-1pre.9 and nothing happened,
> but when I tried saving the page with 'p' to disk, it got a segv:

you should have pointed out the problem: a very long default filename,
which the user can override & surely would if not very careless.

> Here is a backtrace from the lynx core file:
> (gdb) bt
> #0  0x1ad811 in __kill ()
> #1  0x1ad63f in raise (sig=6) at ../sysdeps/posix/raise.c:27
> #2  0x1ae84f in abort () at ../sysdeps/generic/abort.c:83
> #3  0x80602e8 in _start ()
> #4  0xc0de0001 in ?? ()
 
no problems with 2-8-3dev.14 , which saved to disk with the very long name.
i have a vague memory that some such long-name problem was fixed last year.

always test the latest version of Lynx from  sol.slcc.edu/lynx/current/ :
Lynx is continually improving both behaviour & resilience.
 
-- 
========================,,============================================
SUPPORT     ___________//___,  Philip Webb : address@hidden
ELECTRIC   /] [] [] [] [] []|  Centre for Urban & Community Studies
TRANSIT    `-O----------O---'  University of Toronto
reply via email to
[Prev in Thread] Current Thread [Next in Thread]