ID CVE-2006-7234
Summary Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.
References
Vulnerable Configurations
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.1
    cpe:2.3:a:lynx:lynx:2.8.1:dev.1
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.10
    cpe:2.3:a:lynx:lynx:2.8.1:dev.10
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.11
    cpe:2.3:a:lynx:lynx:2.8.1:dev.11
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.12
    cpe:2.3:a:lynx:lynx:2.8.1:dev.12
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.13
    cpe:2.3:a:lynx:lynx:2.8.1:dev.13
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.14
    cpe:2.3:a:lynx:lynx:2.8.1:dev.14
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.15
    cpe:2.3:a:lynx:lynx:2.8.1:dev.15
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.16
    cpe:2.3:a:lynx:lynx:2.8.1:dev.16
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.17
    cpe:2.3:a:lynx:lynx:2.8.1:dev.17
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.18
    cpe:2.3:a:lynx:lynx:2.8.1:dev.18
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.19
    cpe:2.3:a:lynx:lynx:2.8.1:dev.19
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.2
    cpe:2.3:a:lynx:lynx:2.8.1:dev.2
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.20
    cpe:2.3:a:lynx:lynx:2.8.1:dev.20
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.21
    cpe:2.3:a:lynx:lynx:2.8.1:dev.21
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.22
    cpe:2.3:a:lynx:lynx:2.8.1:dev.22
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.23
    cpe:2.3:a:lynx:lynx:2.8.1:dev.23
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.24
    cpe:2.3:a:lynx:lynx:2.8.1:dev.24
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.26
    cpe:2.3:a:lynx:lynx:2.8.1:dev.26
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.27
    cpe:2.3:a:lynx:lynx:2.8.1:dev.27
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.28
    cpe:2.3:a:lynx:lynx:2.8.1:dev.28
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.29
    cpe:2.3:a:lynx:lynx:2.8.1:dev.29
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.3
    cpe:2.3:a:lynx:lynx:2.8.1:dev.3
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.4
    cpe:2.3:a:lynx:lynx:2.8.1:dev.4
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.5
    cpe:2.3:a:lynx:lynx:2.8.1:dev.5
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.6
    cpe:2.3:a:lynx:lynx:2.8.1:dev.6
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.7
    cpe:2.3:a:lynx:lynx:2.8.1:dev.7
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.8
    cpe:2.3:a:lynx:lynx:2.8.1:dev.8
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.9
    cpe:2.3:a:lynx:lynx:2.8.1:dev.9
  • cpe:2.3:a:lynx:lynx:2.8.1:pre.1
    cpe:2.3:a:lynx:lynx:2.8.1:pre.1
  • cpe:2.3:a:lynx:lynx:2.8.1:pre.10
    cpe:2.3:a:lynx:lynx:2.8.1:pre.10
  • cpe:2.3:a:lynx:lynx:2.8.1:pre.11
    cpe:2.3:a:lynx:lynx:2.8.1:pre.11
  • cpe:2.3:a:lynx:lynx:2.8.1:pre.2
    cpe:2.3:a:lynx:lynx:2.8.1:pre.2
  • cpe:2.3:a:lynx:lynx:2.8.1:pre.3
    cpe:2.3:a:lynx:lynx:2.8.1:pre.3
  • cpe:2.3:a:lynx:lynx:2.8.1:pre.4
    cpe:2.3:a:lynx:lynx:2.8.1:pre.4
  • cpe:2.3:a:lynx:lynx:2.8.1:pre.5
    cpe:2.3:a:lynx:lynx:2.8.1:pre.5
  • cpe:2.3:a:lynx:lynx:2.8.1:pre.6
    cpe:2.3:a:lynx:lynx:2.8.1:pre.6
  • cpe:2.3:a:lynx:lynx:2.8.1:pre.7
    cpe:2.3:a:lynx:lynx:2.8.1:pre.7
  • cpe:2.3:a:lynx:lynx:2.8.1:pre.8
    cpe:2.3:a:lynx:lynx:2.8.1:pre.8
  • cpe:2.3:a:lynx:lynx:2.8.1:pre.9
    cpe:2.3:a:lynx:lynx:2.8.1:pre.9
  • cpe:2.3:a:lynx:lynx:2.8.1:rel.1
    cpe:2.3:a:lynx:lynx:2.8.1:rel.1
  • cpe:2.3:a:lynx:lynx:2.8.1:rel.2
    cpe:2.3:a:lynx:lynx:2.8.1:rel.2
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.1
    cpe:2.3:a:lynx:lynx:2.8.2:dev.1
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.10
    cpe:2.3:a:lynx:lynx:2.8.2:dev.10
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.11
    cpe:2.3:a:lynx:lynx:2.8.2:dev.11
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.12
    cpe:2.3:a:lynx:lynx:2.8.2:dev.12
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.13
    cpe:2.3:a:lynx:lynx:2.8.2:dev.13
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.14
    cpe:2.3:a:lynx:lynx:2.8.2:dev.14
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.15
    cpe:2.3:a:lynx:lynx:2.8.2:dev.15
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.16
    cpe:2.3:a:lynx:lynx:2.8.2:dev.16
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.17
    cpe:2.3:a:lynx:lynx:2.8.2:dev.17
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.18
    cpe:2.3:a:lynx:lynx:2.8.2:dev.18
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.19
    cpe:2.3:a:lynx:lynx:2.8.2:dev.19
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.2
    cpe:2.3:a:lynx:lynx:2.8.2:dev.2
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.20
    cpe:2.3:a:lynx:lynx:2.8.2:dev.20
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.21
    cpe:2.3:a:lynx:lynx:2.8.2:dev.21
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.22
    cpe:2.3:a:lynx:lynx:2.8.2:dev.22
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.23
    cpe:2.3:a:lynx:lynx:2.8.2:dev.23
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.24
    cpe:2.3:a:lynx:lynx:2.8.2:dev.24
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.25
    cpe:2.3:a:lynx:lynx:2.8.2:dev.25
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.26
    cpe:2.3:a:lynx:lynx:2.8.2:dev.26
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.3
    cpe:2.3:a:lynx:lynx:2.8.2:dev.3
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.4
    cpe:2.3:a:lynx:lynx:2.8.2:dev.4
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.5
    cpe:2.3:a:lynx:lynx:2.8.2:dev.5
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.6
    cpe:2.3:a:lynx:lynx:2.8.2:dev.6
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.7
    cpe:2.3:a:lynx:lynx:2.8.2:dev.7
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.8
    cpe:2.3:a:lynx:lynx:2.8.2:dev.8
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.9
    cpe:2.3:a:lynx:lynx:2.8.2:dev.9
  • cpe:2.3:a:lynx:lynx:2.8.2:pre.1
    cpe:2.3:a:lynx:lynx:2.8.2:pre.1
  • cpe:2.3:a:lynx:lynx:2.8.2:pre.10
    cpe:2.3:a:lynx:lynx:2.8.2:pre.10
  • cpe:2.3:a:lynx:lynx:2.8.2:pre.11
    cpe:2.3:a:lynx:lynx:2.8.2:pre.11
  • cpe:2.3:a:lynx:lynx:2.8.2:pre.2
    cpe:2.3:a:lynx:lynx:2.8.2:pre.2
  • cpe:2.3:a:lynx:lynx:2.8.2:pre.3
    cpe:2.3:a:lynx:lynx:2.8.2:pre.3
  • cpe:2.3:a:lynx:lynx:2.8.2:pre.4
    cpe:2.3:a:lynx:lynx:2.8.2:pre.4
  • cpe:2.3:a:lynx:lynx:2.8.2:pre.5
    cpe:2.3:a:lynx:lynx:2.8.2:pre.5
  • cpe:2.3:a:lynx:lynx:2.8.2:pre.6
    cpe:2.3:a:lynx:lynx:2.8.2:pre.6
  • cpe:2.3:a:lynx:lynx:2.8.2:pre.7
    cpe:2.3:a:lynx:lynx:2.8.2:pre.7
  • cpe:2.3:a:lynx:lynx:2.8.2:pre.8
    cpe:2.3:a:lynx:lynx:2.8.2:pre.8
  • cpe:2.3:a:lynx:lynx:2.8.2:pre.9
    cpe:2.3:a:lynx:lynx:2.8.2:pre.9
  • cpe:2.3:a:lynx:lynx:2.8.2:rel.1
    cpe:2.3:a:lynx:lynx:2.8.2:rel.1
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.1
    cpe:2.3:a:lynx:lynx:2.8.3:dev.1
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.10
    cpe:2.3:a:lynx:lynx:2.8.3:dev.10
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.11
    cpe:2.3:a:lynx:lynx:2.8.3:dev.11
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.12
    cpe:2.3:a:lynx:lynx:2.8.3:dev.12
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.13
    cpe:2.3:a:lynx:lynx:2.8.3:dev.13
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.14
    cpe:2.3:a:lynx:lynx:2.8.3:dev.14
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.15
    cpe:2.3:a:lynx:lynx:2.8.3:dev.15
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.16
    cpe:2.3:a:lynx:lynx:2.8.3:dev.16
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.17
    cpe:2.3:a:lynx:lynx:2.8.3:dev.17
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.18
    cpe:2.3:a:lynx:lynx:2.8.3:dev.18
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.19
    cpe:2.3:a:lynx:lynx:2.8.3:dev.19
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.2
    cpe:2.3:a:lynx:lynx:2.8.3:dev.2
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.20
    cpe:2.3:a:lynx:lynx:2.8.3:dev.20
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.21
    cpe:2.3:a:lynx:lynx:2.8.3:dev.21
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.22
    cpe:2.3:a:lynx:lynx:2.8.3:dev.22
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.23
    cpe:2.3:a:lynx:lynx:2.8.3:dev.23
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.3
    cpe:2.3:a:lynx:lynx:2.8.3:dev.3
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.4
    cpe:2.3:a:lynx:lynx:2.8.3:dev.4
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.5
    cpe:2.3:a:lynx:lynx:2.8.3:dev.5
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.6
    cpe:2.3:a:lynx:lynx:2.8.3:dev.6
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.7
    cpe:2.3:a:lynx:lynx:2.8.3:dev.7
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.8
    cpe:2.3:a:lynx:lynx:2.8.3:dev.8
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.9
    cpe:2.3:a:lynx:lynx:2.8.3:dev.9
  • cpe:2.3:a:lynx:lynx:2.8.3:pre1
    cpe:2.3:a:lynx:lynx:2.8.3:pre1
  • cpe:2.3:a:lynx:lynx:2.8.3:pre2
    cpe:2.3:a:lynx:lynx:2.8.3:pre2
  • cpe:2.3:a:lynx:lynx:2.8.3:pre3
    cpe:2.3:a:lynx:lynx:2.8.3:pre3
  • cpe:2.3:a:lynx:lynx:2.8.3:pre4
    cpe:2.3:a:lynx:lynx:2.8.3:pre4
  • cpe:2.3:a:lynx:lynx:2.8.3:pre5
    cpe:2.3:a:lynx:lynx:2.8.3:pre5
  • cpe:2.3:a:lynx:lynx:2.8.3:pre6
    cpe:2.3:a:lynx:lynx:2.8.3:pre6
  • cpe:2.3:a:lynx:lynx:2.8.3:pre7
    cpe:2.3:a:lynx:lynx:2.8.3:pre7
  • cpe:2.3:a:lynx:lynx:2.8.3:pre8
    cpe:2.3:a:lynx:lynx:2.8.3:pre8
  • cpe:2.3:a:lynx:lynx:2.8.3:rel1
    cpe:2.3:a:lynx:lynx:2.8.3:rel1
  • cpe:2.3:a:lynx:lynx:2.8.4:dev1
    cpe:2.3:a:lynx:lynx:2.8.4:dev1
  • cpe:2.3:a:lynx:lynx:2.8.4:dev10
    cpe:2.3:a:lynx:lynx:2.8.4:dev10
  • cpe:2.3:a:lynx:lynx:2.8.4:dev11
    cpe:2.3:a:lynx:lynx:2.8.4:dev11
  • cpe:2.3:a:lynx:lynx:2.8.4:dev12
    cpe:2.3:a:lynx:lynx:2.8.4:dev12
  • cpe:2.3:a:lynx:lynx:2.8.4:dev13
    cpe:2.3:a:lynx:lynx:2.8.4:dev13
  • cpe:2.3:a:lynx:lynx:2.8.4:dev14
    cpe:2.3:a:lynx:lynx:2.8.4:dev14
  • cpe:2.3:a:lynx:lynx:2.8.4:dev15
    cpe:2.3:a:lynx:lynx:2.8.4:dev15
  • cpe:2.3:a:lynx:lynx:2.8.4:dev16
    cpe:2.3:a:lynx:lynx:2.8.4:dev16
  • cpe:2.3:a:lynx:lynx:2.8.4:dev17
    cpe:2.3:a:lynx:lynx:2.8.4:dev17
  • cpe:2.3:a:lynx:lynx:2.8.4:dev18
    cpe:2.3:a:lynx:lynx:2.8.4:dev18
  • cpe:2.3:a:lynx:lynx:2.8.4:dev19
    cpe:2.3:a:lynx:lynx:2.8.4:dev19
  • cpe:2.3:a:lynx:lynx:2.8.4:dev2
    cpe:2.3:a:lynx:lynx:2.8.4:dev2
  • cpe:2.3:a:lynx:lynx:2.8.4:dev20
    cpe:2.3:a:lynx:lynx:2.8.4:dev20
  • cpe:2.3:a:lynx:lynx:2.8.4:dev21
    cpe:2.3:a:lynx:lynx:2.8.4:dev21
  • cpe:2.3:a:lynx:lynx:2.8.4:dev3
    cpe:2.3:a:lynx:lynx:2.8.4:dev3
  • cpe:2.3:a:lynx:lynx:2.8.4:dev4
    cpe:2.3:a:lynx:lynx:2.8.4:dev4
  • cpe:2.3:a:lynx:lynx:2.8.4:dev5
    cpe:2.3:a:lynx:lynx:2.8.4:dev5
  • cpe:2.3:a:lynx:lynx:2.8.4:dev6
    cpe:2.3:a:lynx:lynx:2.8.4:dev6
  • cpe:2.3:a:lynx:lynx:2.8.4:dev7
    cpe:2.3:a:lynx:lynx:2.8.4:dev7
  • cpe:2.3:a:lynx:lynx:2.8.4:dev8
    cpe:2.3:a:lynx:lynx:2.8.4:dev8
  • cpe:2.3:a:lynx:lynx:2.8.4:dev9
    cpe:2.3:a:lynx:lynx:2.8.4:dev9
  • cpe:2.3:a:lynx:lynx:2.8.4:pre.1
    cpe:2.3:a:lynx:lynx:2.8.4:pre.1
  • cpe:2.3:a:lynx:lynx:2.8.4:pre.2
    cpe:2.3:a:lynx:lynx:2.8.4:pre.2
  • cpe:2.3:a:lynx:lynx:2.8.4:pre.3
    cpe:2.3:a:lynx:lynx:2.8.4:pre.3
  • cpe:2.3:a:lynx:lynx:2.8.4:pre.4
    cpe:2.3:a:lynx:lynx:2.8.4:pre.4
  • cpe:2.3:a:lynx:lynx:2.8.4:pre.5
    cpe:2.3:a:lynx:lynx:2.8.4:pre.5
  • cpe:2.3:a:lynx:lynx:2.8.4:rel.1
    cpe:2.3:a:lynx:lynx:2.8.4:rel.1
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.1
    cpe:2.3:a:lynx:lynx:2.8.5:dev.1
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.10
    cpe:2.3:a:lynx:lynx:2.8.5:dev.10
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.11
    cpe:2.3:a:lynx:lynx:2.8.5:dev.11
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.12
    cpe:2.3:a:lynx:lynx:2.8.5:dev.12
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.13
    cpe:2.3:a:lynx:lynx:2.8.5:dev.13
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.14
    cpe:2.3:a:lynx:lynx:2.8.5:dev.14
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.15
    cpe:2.3:a:lynx:lynx:2.8.5:dev.15
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.16
    cpe:2.3:a:lynx:lynx:2.8.5:dev.16
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.17
    cpe:2.3:a:lynx:lynx:2.8.5:dev.17
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.2
    cpe:2.3:a:lynx:lynx:2.8.5:dev.2
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.3
    cpe:2.3:a:lynx:lynx:2.8.5:dev.3
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.4
    cpe:2.3:a:lynx:lynx:2.8.5:dev.4
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.5
    cpe:2.3:a:lynx:lynx:2.8.5:dev.5
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.6
    cpe:2.3:a:lynx:lynx:2.8.5:dev.6
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.7
    cpe:2.3:a:lynx:lynx:2.8.5:dev.7
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.8
    cpe:2.3:a:lynx:lynx:2.8.5:dev.8
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.9
    cpe:2.3:a:lynx:lynx:2.8.5:dev.9
  • cpe:2.3:a:lynx:lynx:2.8.5:pre.1
    cpe:2.3:a:lynx:lynx:2.8.5:pre.1
  • cpe:2.3:a:lynx:lynx:2.8.5:pre.2
    cpe:2.3:a:lynx:lynx:2.8.5:pre.2
  • cpe:2.3:a:lynx:lynx:2.8.5:pre.3
    cpe:2.3:a:lynx:lynx:2.8.5:pre.3
  • cpe:2.3:a:lynx:lynx:2.8.5:pre.4
    cpe:2.3:a:lynx:lynx:2.8.5:pre.4
  • cpe:2.3:a:lynx:lynx:2.8.5:pre.5
    cpe:2.3:a:lynx:lynx:2.8.5:pre.5
  • cpe:2.3:a:lynx:lynx:2.8.5:rel.1
    cpe:2.3:a:lynx:lynx:2.8.5:rel.1
  • cpe:2.3:a:lynx:lynx:2.8.6:dev1
    cpe:2.3:a:lynx:lynx:2.8.6:dev1
  • cpe:2.3:a:lynx:lynx:2.8.6:dev10
    cpe:2.3:a:lynx:lynx:2.8.6:dev10
  • cpe:2.3:a:lynx:lynx:2.8.6:dev11
    cpe:2.3:a:lynx:lynx:2.8.6:dev11
  • cpe:2.3:a:lynx:lynx:2.8.6:dev12
    cpe:2.3:a:lynx:lynx:2.8.6:dev12
  • cpe:2.3:a:lynx:lynx:2.8.6:dev13
    cpe:2.3:a:lynx:lynx:2.8.6:dev13
  • cpe:2.3:a:lynx:lynx:2.8.6:dev14
    cpe:2.3:a:lynx:lynx:2.8.6:dev14
  • cpe:2.3:a:lynx:lynx:2.8.6:dev15
    cpe:2.3:a:lynx:lynx:2.8.6:dev15
  • cpe:2.3:a:lynx:lynx:2.8.6:dev2
    cpe:2.3:a:lynx:lynx:2.8.6:dev2
  • cpe:2.3:a:lynx:lynx:2.8.6:dev3
    cpe:2.3:a:lynx:lynx:2.8.6:dev3
  • cpe:2.3:a:lynx:lynx:2.8.6:dev4
    cpe:2.3:a:lynx:lynx:2.8.6:dev4
  • cpe:2.3:a:lynx:lynx:2.8.6:dev5
    cpe:2.3:a:lynx:lynx:2.8.6:dev5
  • cpe:2.3:a:lynx:lynx:2.8.6:dev6
    cpe:2.3:a:lynx:lynx:2.8.6:dev6
  • cpe:2.3:a:lynx:lynx:2.8.6:dev7
    cpe:2.3:a:lynx:lynx:2.8.6:dev7
  • cpe:2.3:a:lynx:lynx:2.8.6:dev8
    cpe:2.3:a:lynx:lynx:2.8.6:dev8
  • cpe:2.3:a:lynx:lynx:2.8.6:dev9
    cpe:2.3:a:lynx:lynx:2.8.6:dev9
  • cpe:2.3:a:lynx:lynx:2.8.6:rel1
    cpe:2.3:a:lynx:lynx:2.8.6:rel1
  • cpe:2.3:a:lynx:lynx:2.8.6:rel2
    cpe:2.3:a:lynx:lynx:2.8.6:rel2
  • cpe:2.3:a:lynx:lynx:2.8.6:rel3
    cpe:2.3:a:lynx:lynx:2.8.6:rel3
CVSS
Base: 4.6 (as of 27-10-2008 - 13:28)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description Lynx 2.8 '.mailcap' and '.mime.type' Files Local Code Execution Vulnerability. CVE-2006-7234. Remote exploit for linux platform
id EDB-ID:32530
last seen 2016-02-03
modified 2008-11-03
published 2008-11-03
reporter Piotr Engelking
source https://www.exploit-db.com/download/32530/
title Lynx 2.8 - '.mailcap' and '.mime.type' Files Local Code Execution Vulnerability
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0965.NASL
    description From Red Hat Security Advisory 2008:0965 : An updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-based Web browser. An arbitrary command execution flaw was found in the Lynx 'lynxcgi:' URI handler. An attacker could create a web page redirecting to a malicious URL that could execute arbitrary code as the user running Lynx in the non-default 'Advanced' user mode. (CVE-2008-4690) Note: In these updated lynx packages, Lynx will always prompt users before loading a 'lynxcgi:' URI. Additionally, the default lynx.cfg configuration file now marks all 'lynxcgi:' URIs as untrusted by default. A flaw was found in a way Lynx handled '.mailcap' and '.mime.types' configuration files. Files in the browser's current working directory were opened before those in the user's home directory. A local attacker, able to convince a user to run Lynx in a directory under their control, could possibly execute arbitrary commands as the user running Lynx. (CVE-2006-7234) All users of Lynx are advised to upgrade to this updated package, which contains backported patches correcting these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67759
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67759
    title Oracle Linux 3 / 4 / 5 : lynx (ELSA-2008-0965)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0965.NASL
    description An updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-based Web browser. An arbitrary command execution flaw was found in the Lynx 'lynxcgi:' URI handler. An attacker could create a web page redirecting to a malicious URL that could execute arbitrary code as the user running Lynx in the non-default 'Advanced' user mode. (CVE-2008-4690) Note: In these updated lynx packages, Lynx will always prompt users before loading a 'lynxcgi:' URI. Additionally, the default lynx.cfg configuration file now marks all 'lynxcgi:' URIs as untrusted by default. A flaw was found in a way Lynx handled '.mailcap' and '.mime.types' configuration files. Files in the browser's current working directory were opened before those in the user's home directory. A local attacker, able to convince a user to run Lynx in a directory under their control, could possibly execute arbitrary commands as the user running Lynx. (CVE-2006-7234) All users of Lynx are advised to upgrade to this updated package, which contains backported patches correcting these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 34503
    published 2008-10-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34503
    title CentOS 3 / 4 / 5 : lynx (CESA-2008:0965)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0965.NASL
    description An updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-based Web browser. An arbitrary command execution flaw was found in the Lynx 'lynxcgi:' URI handler. An attacker could create a web page redirecting to a malicious URL that could execute arbitrary code as the user running Lynx in the non-default 'Advanced' user mode. (CVE-2008-4690) Note: In these updated lynx packages, Lynx will always prompt users before loading a 'lynxcgi:' URI. Additionally, the default lynx.cfg configuration file now marks all 'lynxcgi:' URIs as untrusted by default. A flaw was found in a way Lynx handled '.mailcap' and '.mime.types' configuration files. Files in the browser's current working directory were opened before those in the user's home directory. A local attacker, able to convince a user to run Lynx in a directory under their control, could possibly execute arbitrary commands as the user running Lynx. (CVE-2006-7234) All users of Lynx are advised to upgrade to this updated package, which contains backported patches correcting these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 34505
    published 2008-10-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34505
    title RHEL 2.1 / 3 / 4 / 5 : lynx (RHSA-2008:0965)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20081027_LYNX_ON_SL3_X.NASL
    description An arbitrary command execution flaw was found in the Lynx 'lynxcgi:' URI handler. An attacker could create a web page redirecting to a malicious URL that could execute arbitrary code as the user running Lynx in the non-default 'Advanced' user mode. (CVE-2008-4690) Note: In these updated lynx packages, Lynx will always prompt users before loading a 'lynxcgi:' URI. Additionally, the default lynx.cfg configuration file now marks all 'lynxcgi:' URIs as untrusted by default. A flaw was found in a way Lynx handled '.mailcap' and '.mime.types' configuration files. Files in the browser's current working directory were opened before those in the user's home directory. A local attacker, able to convince a user to run Lynx in a directory under their control, could possibly execute arbitrary commands as the user running Lynx. (CVE-2006-7234)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60486
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60486
    title Scientific Linux Security Update : lynx on SL3.x, SL4.x, SL5.x i386/x86_64
oval via4
accepted 2013-04-29T04:21:34.999-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.
family unix
id oval:org.mitre.oval:def:9719
status accepted
submitted 2010-07-09T03:56:16-04:00
title Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.
version 24
redhat via4
advisories
rhsa
id RHSA-2008:0965
rpms
  • lynx-0:2.8.5-11.3
  • lynx-0:2.8.5-18.2.el4_7.1
  • lynx-0:2.8.5-28.1.el5_2.1
refmap via4
bid 31917
confirm
mandriva MDVSA-2008:217
mlist [oss-security] 20081025 CVE request: lynx (old) .mailcap handling flaw
sectrack 1021107
secunia
  • 32407
  • 32416
  • 33568
suse SUSE-SR:2009:002
xf lynx-mailcap-mimetype-code-execution(46132)
Last major update 21-08-2010 - 00:59
Published 27-10-2008 - 13:21
Last modified 10-10-2017 - 21:31
Back to Top