Vulnerabilities > CVE-2008-4690 - Unspecified vulnerability in Lynx

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
lynx
critical
nessus
NVD
Published: 2008-10-22
Updated: 2017-09-29

Summary

lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.

Vulnerable Configurations

Part Description Count
Application
Lynx
176

Nessus

  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0965.NASL
    descriptionFrom Red Hat Security Advisory 2008:0965 : An updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-based Web browser. An arbitrary command execution flaw was found in the Lynx
    last seen2020-06-01
    modified2020-06-02
    plugin id67759
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67759
    titleOracle Linux 3 / 4 / 5 : lynx (ELSA-2008-0965)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LYNX-5720.NASL
    descriptionThis update of lynx fixes a security bug that can be exploited by remote attackers to execute arbitrary commands when advanced mode is enabled and lynx is used as URL handler (CVE-2008-4690)
    last seen2020-06-01
    modified2020-06-02
    plugin id34984
    published2008-12-01
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34984
    titleopenSUSE 10 Security Update : lynx (lynx-5720)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-9597.NASL
    description - Mon Nov 10 2008 Jiri Moskovcak <jmoskovc at redhat.com> - 2.8.6-12 - Fixed CVE-2008-4690 lynx: remote arbitrary command execution. via a crafted lynxcgi: URL (thoger) - Fri May 30 2008 Jiri Moskovcak <jmoskovc at redhat.com> - 2.8.6-11 - updated to latest upstream version 2.8.6rel5 - Resolves: #214205 - Wed Jan 9 2008 Jiri Moskovcak <jmoskovc at redhat.com> - 2.8.6-10 - added telnet, rsh, zip and unzip to BuildRequires - Resolves: #430508 - Wed Jan 9 2008 Jiri Moskovcak <jmoskovc at redhat.com> - 2.8.6-9 - fixed crash when using formatting character
    last seen2020-06-01
    modified2020-06-02
    plugin id35017
    published2008-12-03
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35017
    titleFedora 8 : lynx-2.8.6-12.fc8 (2008-9597)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-9550.NASL
    description - Mon Nov 10 2008 Jiri Moskovcak <jmoskovc at redhat.com> 2.8.6-17 - Fixed CVE-2008-4690 lynx: remote arbitrary command execution. via a crafted lynxcgi: URL (thoger) - Fri May 30 2008 Jiri Moskovcak <jmoskovc at redhat.com> 2.8.6-16 - updated to latest stable upstream version 2.8.6rel5 - Fri May 23 2008 Dennis Gilmore <dennis at ausil.us> - 2.8.6-15.1 - minor rebuild on sparc - Sat May 17 2008 Dennis Gilmore <dennis at ausil.us> - 2.8.6-15 - even with the patches it still built wrong in koji. - limit -j to 24 for sparc - Thu May 8 2008 Dennis Gilmore <dennis at ausil.us> - 2.8.6-14 - patch from ajax to fix parallel builds - additional patch from me for parallel builds - set default home page to start.fedoraproject.org Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id35016
    published2008-12-03
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35016
    titleFedora 9 : lynx-2.8.6-17.fc9 (2008-9550)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0965.NASL
    descriptionAn updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-based Web browser. An arbitrary command execution flaw was found in the Lynx
    last seen2020-06-01
    modified2020-06-02
    plugin id34505
    published2008-10-28
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34505
    titleRHEL 2.1 / 3 / 4 / 5 : lynx (RHSA-2008:0965)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0965.NASL
    descriptionAn updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-based Web browser. An arbitrary command execution flaw was found in the Lynx
    last seen2020-06-01
    modified2020-06-02
    plugin id34503
    published2008-10-28
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34503
    titleCentOS 3 / 4 / 5 : lynx (CESA-2008:0965)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_LYNX-081030.NASL
    descriptionThis update of lynx fixes a security bug that can be exploited by remote attackers to execute arbitrary commands when advanced mode is enabled and lynx is used as URL handler (CVE-2008-4690)
    last seen2020-06-01
    modified2020-06-02
    plugin id40062
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40062
    titleopenSUSE Security Update : lynx (lynx-275)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-9952.NASL
    description - Fri Nov 7 2008 Jiri Moskovcak <jmoskovc at redhat.com> - 2.8.6-18 - Fixed CVE-2008-4690 lynx: remote arbitrary command execution. via a crafted lynxcgi: URL (thoger) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37326
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37326
    titleFedora 10 : lynx-2.8.6-18.fc10 (2008-9952)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20081027_LYNX_ON_SL3_X.NASL
    descriptionAn arbitrary command execution flaw was found in the Lynx
    last seen2020-06-01
    modified2020-06-02
    plugin id60486
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60486
    titleScientific Linux Security Update : lynx on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-218.NASL
    descriptionA vulnerability was found in the Lynxcgi: URI handler that could allow an attacker to create a web page redirecting to a malicious URL that would execute arbitrary code as the user running Lynx, if they were using the non-default Advanced user mode (CVE-2008-4690). This update corrects these issues and, in addition, makes Lynx always prompt the user before loading a lynxcgi: URI. As well, the default lynx.cfg configuration file marks all lynxcgi: URIs as untrusted.
    last seen2020-06-01
    modified2020-06-02
    plugin id38035
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38035
    titleMandriva Linux Security Advisory : lynx (MDVSA-2008:218)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200909-15.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200909-15 (Lynx: Arbitrary command execution) Clint Ruoho reported that the fix for CVE-2005-2929 (GLSA 200511-09) only disabled the lynxcgi:// handler when not using the advanced mode. Impact : A remote attacker can entice a user to access a malicious HTTP server, causing Lynx to execute arbitrary commands. NOTE: The advanced mode is not enabled by default. Successful exploitation requires the
    last seen2020-06-01
    modified2020-06-02
    plugin id40962
    published2009-09-14
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40962
    titleGLSA-200909-15 : Lynx: Arbitrary command execution

Oval

accepted2013-04-29T04:12:19.376-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionlynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.
familyunix
idoval:org.mitre.oval:def:11204
statusaccepted
submitted2010-07-09T03:56:16-04:00
titlelynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.
version27

Redhat

advisories
bugzilla
id468184
titleCVE-2008-4690 lynx: remote arbitrary command execution via a crafted lynxcgi: URL
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 4 is installed
      ovaloval:com.redhat.rhba:tst:20070304025
    • commentlynx is earlier than 0:2.8.5-18.2.el4_7.1
      ovaloval:com.redhat.rhsa:tst:20080965001
    • commentlynx is signed with Red Hat master key
      ovaloval:com.redhat.rhsa:tst:20080965002
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • commentlynx is earlier than 0:2.8.5-28.1.el5_2.1
      ovaloval:com.redhat.rhsa:tst:20080965004
    • commentlynx is signed with Red Hat redhatrelease key
      ovaloval:com.redhat.rhsa:tst:20080965005
rhsa
idRHSA-2008:0965
released2008-10-27
severityImportant
titleRHSA-2008:0965: lynx security update (Important)
rpms
  • lynx-0:2.8.4-18.1.3
  • lynx-0:2.8.5-11.3
  • lynx-0:2.8.5-18.2.el4_7.1
  • lynx-0:2.8.5-28.1.el5_2.1
  • lynx-debuginfo-0:2.8.5-11.3
  • lynx-debuginfo-0:2.8.5-18.2.el4_7.1
  • lynx-debuginfo-0:2.8.5-28.1.el5_2.1

References