lynx-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Lynx-dev] RE: FW: iDEFENSE Security Advisory [IDEF1089] Multiple Vendor

From: vendor-disclosure
Subject: [Lynx-dev] RE: FW: iDEFENSE Security Advisory [IDEF1089] Multiple Vendor Lynx Command Injection Vulnerability
Date: Fri, 28 Oct 2005 15:32:53 -0400 
Greg - Please respond directly to queries made by Thomas and cc
vendor-disclosure.

Michael

-----Original Message-----
From: Thomas Dickey [mailto:address@hidden 
Sent: Friday, October 28, 2005 3:31 PM
To: vendor-disclosure
Cc: address@hidden
Subject: RE: FW: iDEFENSE Security Advisory [IDEF1089] Multiple Vendor Lynx
Command Injection Vulnerability

On Fri, 28 Oct 2005, vendor-disclosure wrote:

> Sorry, the report should have been attached to the last email. Let me know
> if it doesn't arrive this time.

ok.  I have it.

As I read it, it notes that the upstream source does not have the feature
enabled by default.  Also the feature normally would not be enabled in the
lynx.cfg file (reading the source code).

Is there any change required to upstream source (there's not enough 
information about the "configuration error on multiple platforms"), or is 
this aimed at changing lynx.cfg files that have been customized by 
packagers?

> I have also attached a PoC exploit.

thanks (will see)

-- 
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net
reply via email to
[Prev in Thread] Current Thread [Next in Thread]