Vulnerabilities > CVE-2008-3329 - Security vulnerability in Links 'only proxies'

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
twibright
critical
nessus
NVD
Published: 2008-07-27
Updated: 2017-08-08

Summary

Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."

Vulnerable Configurations

Part Description Count
Application
Twibright
92

Nessus

NASL familySlackware Local Security Checks
NASL idSLACKWARE_SSA_2008-210-04.NASL
descriptionNew links packages are available for Slackware 11.0, 12.0, 12.1, and -current to fix a security issue when using proxies.
last seen2020-06-01
modified2020-06-02
plugin id33749
published2008-07-29
reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/33749
titleSlackware 11.0 / 12.0 / 12.1 / current : links (SSA:2008-210-04)

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 30422 CVE ID:CVE-2008-3329 CNCVE ID:CNCVE-20083329 Links是一款基于文本的支持HTML和帧的浏览器。 Links &quot;only proxies&quot;功能存在未明安全问题,远程攻击者可以利用漏洞传递恶意URL给外部程序。 目前没有详细漏洞细节提供。 Slackware Linux 12.1 Slackware Linux 12.0 Slackware Linux 11.0 Slackware Linux -current Links Links 2.1pre25 Links Links 2.1 pre26 Links Links 2.1 pre24 Links Links 2.1 pre23 Links Links 2.1 pre16 Links Links 2.1 升级程序: <a href=http://links.twibright.com/ target=_blank>http://links.twibright.com/</a>
idSSV:3739
last seen2017-11-19
modified2008-07-30
published2008-07-30
reporterRoot
titleLinks 'only proxies'存在未明安全漏洞

Statements

contributorTomas Hoger
lastmodified2008-11-13
organizationRed Hat
statementNot vulnerable. This issue did not affect the versions of links as shipped with Red Hat Enterprise Linux 2.1, and versions of elinks as shipped with Red Hat Enterprise Linux 3, 4, or 5. Versions of links / elinks shipped do not support &quot;only proxies&quot; feature.

References