CVE-2006-7234 - Local Code Execution vulnerability in Lynx '.mailcap' and '.mime.type' Files

CVSS 4.6 - MEDIUM
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
local
low complexity
lynx
nessus
exploit available

Summary

Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.

Patch Information - http://lynx.isc.org/lynx2.8.6/patches/

Vulnerable Configurations

Part | Description | Count
Application | Lynx | 179

Exploit-Db

description: Lynx 2.8 '.mailcap' and '.mime.type' Files Local Code Execution Vulnerability. CVE-2006-7234. Remote exploit for linux platform
id: EDB-ID:32530
last seen: 2016-02-03
modified: 2008-11-03
published: 2008-11-03
reporter: Piotr Engelking
source: https://www.exploit-db.com/download/32530/
title: Lynx 2.8 - '.mailcap' and '.mime.type' Files Local Code Execution Vulnerability

Nessus

  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2008-0965.NASL
    description: From Red Hat Security Advisory 2008:0965 : An updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-based Web browser. An arbitrary command execution flaw was found in the Lynx
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67759
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67759
    title: Oracle Linux 3 / 4 / 5 : lynx (ELSA-2008-0965)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2008-0965.NASL
    description: An updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-based Web browser. An arbitrary command execution flaw was found in the Lynx
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34505
    published: 2008-10-28
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/34505
    title: RHEL 2.1 / 3 / 4 / 5 : lynx (RHSA-2008:0965)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2008-0965.NASL
    description: An updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-based Web browser. An arbitrary command execution flaw was found in the Lynx
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 34503
    published: 2008-10-28
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/34503
    title: CentOS 3 / 4 / 5 : lynx (CESA-2008:0965)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20081027_LYNX_ON_SL3_X.NASL
    description: An arbitrary command execution flaw was found in the Lynx
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60486
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60486
    title: Scientific Linux Security Update : lynx on SL3.x, SL4.x, SL5.x i386/x86_64

Oval

accepted: 2013-04-29T04:21:34.999-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 5
    oval: oval:org.mitre.oval:def:11414
  • comment: The operating system installed on the system is CentOS Linux 5.x
    oval: oval:org.mitre.oval:def:15802
  • comment: Oracle Linux 5.x
    oval: oval:org.mitre.oval:def:15459
description: Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.
family: unix
id: oval:org.mitre.oval:def:9719
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.
version: 27

Redhat

advisories
rhsa
id: RHSA-2008:0965
rpms
  • lynx-0:2.8.4-18.1.3
  • lynx-0:2.8.5-11.3
  • lynx-0:2.8.5-18.2.el4_7.1
  • lynx-0:2.8.5-28.1.el5_2.1
  • lynx-debuginfo-0:2.8.5-11.3
  • lynx-debuginfo-0:2.8.5-18.2.el4_7.1
  • lynx-debuginfo-0:2.8.5-28.1.el5_2.1

Seebug

bulletinFamily: exploit
description: BUGTRAQ ID: 31917 CVE ID: CVE-2006-7234 CNCVE ID: CNCVE-20087234

Lynx is a text-based browser. Lynx has a flaw in how it handles '.mailcap' and '.mime.type' files; a local attacker can exploit it to execute arbitrary commands with the privileges of the application. Lynx opens mailcap and MIME type definition files from the current directory. If an attacker can trick a user into running lynx in a specially crafted directory that the attacker controls, arbitrary code can be executed with the privileges of the user running lynx.

University of Kansas Lynx 2.8.6 dev9
University of Kansas Lynx 2.8.6 dev8
University of Kansas Lynx 2.8.6 dev7
University of Kansas Lynx 2.8.6 dev6
University of Kansas Lynx 2.8.6 dev5
University of Kansas Lynx 2.8.6 dev4
University of Kansas Lynx 2.8.6 dev3
University of Kansas Lynx 2.8.6 dev2
University of Kansas Lynx 2.8.6 dev15
University of Kansas Lynx 2.8.6 dev14
University of Kansas Lynx 2.8.6 dev13
University of Kansas Lynx 2.8.6 dev12
University of Kansas Lynx 2.8.6 dev11
University of Kansas Lynx 2.8.6 dev10
University of Kansas Lynx 2.8.6 dev1
University of Kansas Lynx 2.8.6
University of Kansas Lynx 2.8.5 dev.8
  + MandrakeSoft Linux Mandrake 9.0
  + MandrakeSoft Linux Mandrake 8.2 ppc
  + MandrakeSoft Linux Mandrake 8.2
  + MandrakeSoft Linux Mandrake 8.1 ia64
  + MandrakeSoft Linux Mandrake 8.1
  + MandrakeSoft Linux Mandrake 8.0 ppc
  + MandrakeSoft Linux Mandrake 8.0
  + MandrakeSoft Linux Mandrake 7.2
  + MandrakeSoft Multi Network Firewall 2.0
  + MandrakeSoft Single Network Firewall 7.2
University of Kansas Lynx 2.8.5 dev.5
University of Kansas Lynx 2.8.5 dev.4
University of Kansas Lynx 2.8.5 dev.3
University of Kansas Lynx 2.8.5 dev.2
University of Kansas Lynx 2.8.5
  + MandrakeSoft Corporate Server 3.0 x86_64
  + MandrakeSoft Corporate Server 3.0
  + MandrakeSoft Corporate Server 2.1 x86_64
  + MandrakeSoft Corporate Server 2.1
  + MandrakeSoft Linux Mandrake 2006.0 x86_64
  + MandrakeSoft Linux Mandrake 2006.0
  + MandrakeSoft Linux Mandrake 10.2 x86_64
  + MandrakeSoft Linux Mandrake 10.2
  + MandrakeSoft Linux Mandrake 10.1 x86_64
  + MandrakeSoft Linux Mandrake 10.1
  + MandrakeSoft Multi Network Firewall 2.0
  + Ubuntu Ubuntu Linux 5.10 powerpc
  + Ubuntu Ubuntu Linux 5.10 i386
  + Ubuntu Ubuntu Linux 5.10 amd64
  + Ubuntu Ubuntu Linux 5.0 4 powerpc
  + Ubuntu Ubuntu Linux 5.0 4 i386
  + Ubuntu Ubuntu Linux 5.0 4 amd64
  + Ubuntu Ubuntu Linux 4.1 ppc
  + Ubuntu Ubuntu Linux 4.1 ia64
  + Ubuntu Ubuntu Linux 4.1 ia32
University of Kansas Lynx 2.8.4 rel.1
University of Kansas Lynx 2.8.4
  + Caldera OpenLinux Server 3.1.1
  + Caldera OpenLinux Server 3.1
  + Caldera OpenLinux Workstation 3.1.1
  + Caldera OpenLinux Workstation 3.1
  + Conectiva Linux 8.0
  + Conectiva Linux 7.0
  + Debian Linux 3.0
  + RedHat Linux for iSeries 7.1
  + RedHat Linux for pSeries 7.1
  + Sun Linux 5.0.6
  + Trustix Secure Linux 1.5
  + Trustix Secure Linux 1.2
  + Trustix Secure Linux 1.1
University of Kansas Lynx 2.8.3 rel.1
University of Kansas Lynx 2.8.3 pre.5
University of Kansas Lynx 2.8.3 dev2x
University of Kansas Lynx 2.8.3 dev.22
University of Kansas Lynx 2.8.3
  + Debian Linux 2.2
University of Kansas Lynx 2.8.2 rel.1
University of Kansas Lynx 2.8.1
University of Kansas Lynx 2.8
RedHat Enterprise Linux WS 5
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux Desktop 5 client
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1 IA64
RedHat Enterprise Linux AS 2.1
RedHat Enterprise Linux 5 server
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0

Upgrade to Kansas Lynx 2.8.6 rel.4 (the same download is listed for each University of Kansas Lynx version above):
University of Kansas lynx2.8.6rel.4.tar.bz2
http://lynx.isc.org/current/lynx2.8.6rel.4.tar.bz2
id: SSV:4365
last seen: 2017-11-19
modified: 2008-10-28
published: 2008-10-28
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-4365
title: Lynx '.mailcap' and '.mime.type' Files Local Code Execution Vulnerability