ID CVE-2008-4690
Summary lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.
Vulnerable Configurations
  • cpe:2.3:a:lynx:lynx:2.8.6:dev15
  • cpe:2.3:a:lynx:lynx:2.8.6:dev14
  • cpe:2.3:a:lynx:lynx:2.8.6:dev13
  • cpe:2.3:a:lynx:lynx:2.8.6:dev12
  • cpe:2.3:a:lynx:lynx:2.8.6:dev11
  • cpe:2.3:a:lynx:lynx:2.8.6:dev10
  • cpe:2.3:a:lynx:lynx:2.8.6:dev9
  • cpe:2.3:a:lynx:lynx:2.8.6:dev8
  • cpe:2.3:a:lynx:lynx:2.8.6:dev7
  • cpe:2.3:a:lynx:lynx:2.8.6:dev6
  • cpe:2.3:a:lynx:lynx:2.8.6:dev5
  • cpe:2.3:a:lynx:lynx:2.8.6:dev4
  • cpe:2.3:a:lynx:lynx:2.8.6:dev3
  • cpe:2.3:a:lynx:lynx:2.8.6:dev2
  • cpe:2.3:a:lynx:lynx:2.8.6:dev1
  • cpe:2.3:a:lynx:lynx:2.8.5:rel.1
  • cpe:2.3:a:lynx:lynx:2.8.5:pre.5
  • cpe:2.3:a:lynx:lynx:2.8.5:pre.4
  • cpe:2.3:a:lynx:lynx:2.8.5:pre.3
  • cpe:2.3:a:lynx:lynx:2.8.5:pre.2
  • cpe:2.3:a:lynx:lynx:2.8.5:pre.1
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.17
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.16
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.15
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.14
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.13
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.12
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.11
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.10
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.9
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.8
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.7
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.6
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.5
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.4
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.3
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.2
  • cpe:2.3:a:lynx:lynx:2.8.5:dev.1
  • cpe:2.3:a:lynx:lynx:2.8.4:rel.1
  • cpe:2.3:a:lynx:lynx:2.8.4:pre.5
  • cpe:2.3:a:lynx:lynx:2.8.4:pre.4
  • cpe:2.3:a:lynx:lynx:2.8.4:pre.3
  • cpe:2.3:a:lynx:lynx:2.8.4:pre.2
  • cpe:2.3:a:lynx:lynx:2.8.4:pre.1
  • cpe:2.3:a:lynx:lynx:2.8.4:dev21
  • cpe:2.3:a:lynx:lynx:2.8.4:dev20
  • cpe:2.3:a:lynx:lynx:2.8.4:dev19
  • cpe:2.3:a:lynx:lynx:2.8.4:dev18
  • cpe:2.3:a:lynx:lynx:2.8.4:dev17
  • cpe:2.3:a:lynx:lynx:2.8.4:dev16
  • cpe:2.3:a:lynx:lynx:2.8.4:dev15
  • cpe:2.3:a:lynx:lynx:2.8.4:dev14
  • cpe:2.3:a:lynx:lynx:2.8.4:dev13
  • cpe:2.3:a:lynx:lynx:2.8.4:dev12
  • cpe:2.3:a:lynx:lynx:2.8.4:dev11
  • cpe:2.3:a:lynx:lynx:2.8.4:dev10
  • cpe:2.3:a:lynx:lynx:2.8.4:dev9
  • cpe:2.3:a:lynx:lynx:2.8.4:dev8
  • cpe:2.3:a:lynx:lynx:2.8.4:dev7
  • cpe:2.3:a:lynx:lynx:2.8.4:dev6
  • cpe:2.3:a:lynx:lynx:2.8.4:dev5
  • cpe:2.3:a:lynx:lynx:2.8.4:dev4
  • cpe:2.3:a:lynx:lynx:2.8.4:dev3
  • cpe:2.3:a:lynx:lynx:2.8.4:dev2
  • cpe:2.3:a:lynx:lynx:2.8.4:dev1
  • cpe:2.3:a:lynx:lynx:2.8.3:rel1
  • cpe:2.3:a:lynx:lynx:2.8.3:pre8
  • cpe:2.3:a:lynx:lynx:2.8.3:pre7
  • cpe:2.3:a:lynx:lynx:2.8.3:pre6
  • cpe:2.3:a:lynx:lynx:2.8.3:pre5
  • cpe:2.3:a:lynx:lynx:2.8.3:pre4
  • cpe:2.3:a:lynx:lynx:2.8.3:pre3
  • cpe:2.3:a:lynx:lynx:2.8.3:pre2
  • cpe:2.3:a:lynx:lynx:2.8.3:pre1
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.23
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.22
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.21
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.20
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.19
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.18
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.17
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.16
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.15
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.14
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.13
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.12
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.11
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.10
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.9
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.8
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.7
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.6
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.5
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.4
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.3
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.2
  • cpe:2.3:a:lynx:lynx:2.8.3:dev.1
  • cpe:2.3:a:lynx:lynx:2.8.2:rel.1
  • cpe:2.3:a:lynx:lynx:2.8.2:pre.11
  • cpe:2.3:a:lynx:lynx:2.8.2:pre.10
  • cpe:2.3:a:lynx:lynx:2.8.2:pre.9
  • cpe:2.3:a:lynx:lynx:2.8.2:pre.8
  • cpe:2.3:a:lynx:lynx:2.8.2:pre.7
  • cpe:2.3:a:lynx:lynx:2.8.2:pre.6
  • cpe:2.3:a:lynx:lynx:2.8.2:pre.5
  • cpe:2.3:a:lynx:lynx:2.8.2:pre.4
  • cpe:2.3:a:lynx:lynx:2.8.2:pre.3
  • cpe:2.3:a:lynx:lynx:2.8.2:pre.2
  • cpe:2.3:a:lynx:lynx:2.8.2:pre.1
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.26
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.25
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.24
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.23
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.22
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.21
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.20
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.19
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.18
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.17
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.16
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.15
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.14
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.13
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.12
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.11
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.10
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.9
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.8
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.7
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.6
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.5
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.4
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.3
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.2
  • cpe:2.3:a:lynx:lynx:2.8.2:dev.1
  • cpe:2.3:a:lynx:lynx:2.8.1:rel.2
  • cpe:2.3:a:lynx:lynx:2.8.1:rel.1
  • cpe:2.3:a:lynx:lynx:2.8.1:pre.11
  • cpe:2.3:a:lynx:lynx:2.8.1:pre.10
  • cpe:2.3:a:lynx:lynx:2.8.1:pre.9
  • cpe:2.3:a:lynx:lynx:2.8.1:pre.8
  • cpe:2.3:a:lynx:lynx:2.8.1:pre.7
  • cpe:2.3:a:lynx:lynx:2.8.1:pre.6
  • cpe:2.3:a:lynx:lynx:2.8.1:pre.5
  • cpe:2.3:a:lynx:lynx:2.8.1:pre.4
  • cpe:2.3:a:lynx:lynx:2.8.1:pre.3
  • cpe:2.3:a:lynx:lynx:2.8.1:pre.2
  • cpe:2.3:a:lynx:lynx:2.8.1:pre.1
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.29
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.28
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.27
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.26
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.24
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.23
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.22
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.21
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.20
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.19
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.18
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.17
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.16
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.15
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.14
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.13
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.12
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.11
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.10
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.9
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.8
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.7
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.6
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.5
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.4
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.3
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.2
  • cpe:2.3:a:lynx:lynx:2.8.1:dev.1
CVSS
Base: 10.0 (as of 23-10-2008 - 10:04)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0965.NASL
    description From Red Hat Security Advisory 2008:0965 : An updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-based Web browser. An arbitrary command execution flaw was found in the Lynx 'lynxcgi:' URI handler. An attacker could create a web page redirecting to a malicious URL that could execute arbitrary code as the user running Lynx in the non-default 'Advanced' user mode. (CVE-2008-4690) Note: In these updated lynx packages, Lynx will always prompt users before loading a 'lynxcgi:' URI. Additionally, the default lynx.cfg configuration file now marks all 'lynxcgi:' URIs as untrusted by default. A flaw was found in a way Lynx handled '.mailcap' and '.mime.types' configuration files. Files in the browser's current working directory were opened before those in the user's home directory. A local attacker, able to convince a user to run Lynx in a directory under their control, could possibly execute arbitrary commands as the user running Lynx. (CVE-2006-7234) All users of Lynx are advised to upgrade to this updated package, which contains backported patches correcting these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67759
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67759
    title Oracle Linux 3 / 4 / 5 : lynx (ELSA-2008-0965)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-9550.NASL
    description - Mon Nov 10 2008 Jiri Moskovcak 2.8.6-17 - Fixed CVE-2008-4690 lynx: remote arbitrary command execution. via a crafted lynxcgi: URL (thoger) - Fri May 30 2008 Jiri Moskovcak 2.8.6-16 - updated to latest stable upstream version 2.8.6rel5 - Fri May 23 2008 Dennis Gilmore - 2.8.6-15.1 - minor rebuild on sparc - Sat May 17 2008 Dennis Gilmore - 2.8.6-15 - even with the patches it still built wrong in koji. - limit -j to 24 for sparc - Thu May 8 2008 Dennis Gilmore - 2.8.6-14 - patch from ajax to fix parallel builds - additional patch from me for parallel builds - set default home page to start.fedoraproject.org Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 35016
    published 2008-12-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35016
    title Fedora 9 : lynx-2.8.6-17.fc9 (2008-9550)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0965.NASL
    description An updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-based Web browser. An arbitrary command execution flaw was found in the Lynx 'lynxcgi:' URI handler. An attacker could create a web page redirecting to a malicious URL that could execute arbitrary code as the user running Lynx in the non-default 'Advanced' user mode. (CVE-2008-4690) Note: In these updated lynx packages, Lynx will always prompt users before loading a 'lynxcgi:' URI. Additionally, the default lynx.cfg configuration file now marks all 'lynxcgi:' URIs as untrusted by default. A flaw was found in a way Lynx handled '.mailcap' and '.mime.types' configuration files. Files in the browser's current working directory were opened before those in the user's home directory. A local attacker, able to convince a user to run Lynx in a directory under their control, could possibly execute arbitrary commands as the user running Lynx. (CVE-2006-7234) All users of Lynx are advised to upgrade to this updated package, which contains backported patches correcting these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 34503
    published 2008-10-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34503
    title CentOS 3 / 4 / 5 : lynx (CESA-2008:0965)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200909-15.NASL
    description The remote host is affected by the vulnerability described in GLSA-200909-15 (Lynx: Arbitrary command execution) Clint Ruoho reported that the fix for CVE-2005-2929 (GLSA 200511-09) only disabled the lynxcgi:// handler when not using the advanced mode. Impact : A remote attacker can entice a user to access a malicious HTTP server, causing Lynx to execute arbitrary commands. NOTE: The advanced mode is not enabled by default. Successful exploitation requires the 'lynxcgi://' protocol to be registered with lynx on the victim's system. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 40962
    published 2009-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40962
    title GLSA-200909-15 : Lynx: Arbitrary command execution
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0965.NASL
    description An updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-based Web browser. An arbitrary command execution flaw was found in the Lynx 'lynxcgi:' URI handler. An attacker could create a web page redirecting to a malicious URL that could execute arbitrary code as the user running Lynx in the non-default 'Advanced' user mode. (CVE-2008-4690) Note: In these updated lynx packages, Lynx will always prompt users before loading a 'lynxcgi:' URI. Additionally, the default lynx.cfg configuration file now marks all 'lynxcgi:' URIs as untrusted by default. A flaw was found in a way Lynx handled '.mailcap' and '.mime.types' configuration files. Files in the browser's current working directory were opened before those in the user's home directory. A local attacker, able to convince a user to run Lynx in a directory under their control, could possibly execute arbitrary commands as the user running Lynx. (CVE-2006-7234) All users of Lynx are advised to upgrade to this updated package, which contains backported patches correcting these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 34505
    published 2008-10-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34505
    title RHEL 2.1 / 3 / 4 / 5 : lynx (RHSA-2008:0965)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-218.NASL
    description A vulnerability was found in the Lynxcgi: URI handler that could allow an attacker to create a web page redirecting to a malicious URL that would execute arbitrary code as the user running Lynx, if they were using the non-default Advanced user mode (CVE-2008-4690). This update corrects these issues and, in addition, makes Lynx always prompt the user before loading a lynxcgi: URI. As well, the default lynx.cfg configuration file marks all lynxcgi: URIs as untrusted.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 38035
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38035
    title Mandriva Linux Security Advisory : lynx (MDVSA-2008:218)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LYNX-5720.NASL
    description This update of lynx fixes a security bug that can be exploited by remote attackers to execute arbitrary commands when advanced mode is enabled and lynx is used as URL handler (CVE-2008-4690)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 34984
    published 2008-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34984
    title openSUSE 10 Security Update : lynx (lynx-5720)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-9952.NASL
    description - Fri Nov 7 2008 Jiri Moskovcak - 2.8.6-18 - Fixed CVE-2008-4690 lynx: remote arbitrary command execution. via a crafted lynxcgi: URL (thoger) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 37326
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37326
    title Fedora 10 : lynx-2.8.6-18.fc10 (2008-9952)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20081027_LYNX_ON_SL3_X.NASL
    description An arbitrary command execution flaw was found in the Lynx 'lynxcgi:' URI handler. An attacker could create a web page redirecting to a malicious URL that could execute arbitrary code as the user running Lynx in the non-default 'Advanced' user mode. (CVE-2008-4690) Note: In these updated lynx packages, Lynx will always prompt users before loading a 'lynxcgi:' URI. Additionally, the default lynx.cfg configuration file now marks all 'lynxcgi:' URIs as untrusted by default. A flaw was found in a way Lynx handled '.mailcap' and '.mime.types' configuration files. Files in the browser's current working directory were opened before those in the user's home directory. A local attacker, able to convince a user to run Lynx in a directory under their control, could possibly execute arbitrary commands as the user running Lynx. (CVE-2006-7234)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60486
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60486
    title Scientific Linux Security Update : lynx on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-9597.NASL
    description - Mon Nov 10 2008 Jiri Moskovcak - 2.8.6-12 - Fixed CVE-2008-4690 lynx: remote arbitrary command execution. via a crafted lynxcgi: URL (thoger) - Fri May 30 2008 Jiri Moskovcak - 2.8.6-11 - updated to latest upstream version 2.8.6rel5 - Resolves: #214205 - Wed Jan 9 2008 Jiri Moskovcak - 2.8.6-10 - added telnet, rsh, zip and unzip to BuildRequires - Resolves: #430508 - Wed Jan 9 2008 Jiri Moskovcak - 2.8.6-9 - fixed crash when using formatting character '$' in translation - Resolves: #426449 - Tue Dec 11 2007 Ivana Varekova - 2.8.6-8 - add default-colors option, change default setting (#409211) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 35017
    published 2008-12-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35017
    title Fedora 8 : lynx-2.8.6-12.fc8 (2008-9597)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_LYNX-081030.NASL
    description This update of lynx fixes a security bug that can be exploited by remote attackers to execute arbitrary commands when advanced mode is enabled and lynx is used as URL handler (CVE-2008-4690)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 40062
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40062
    title openSUSE Security Update : lynx (lynx-275)
oval via4
accepted 2013-04-29T04:12:19.376-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.
family unix
id oval:org.mitre.oval:def:11204
status accepted
submitted 2010-07-09T03:56:16-04:00
title lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.
version 24
redhat via4
advisories
bugzilla
id 468184
title CVE-2008-4690 lynx: remote arbitrary command execution via a crafted lynxcgi: URL
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhsa:tst:20060015001
    • comment lynx is earlier than 0:2.8.5-11.3
      oval oval:com.redhat.rhsa:tst:20080965002
    • comment lynx is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20080965003
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • comment lynx is earlier than 0:2.8.5-18.2.el4_7.1
      oval oval:com.redhat.rhsa:tst:20080965005
    • comment lynx is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20080965003
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • comment lynx is earlier than 0:2.8.5-28.1.el5_2.1
      oval oval:com.redhat.rhsa:tst:20080965007
    • comment lynx is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20080965008
rhsa
id RHSA-2008:0965
released 2008-10-27
severity Important
title RHSA-2008:0965: lynx security update (Important)
rpms
  • lynx-0:2.8.5-11.3
  • lynx-0:2.8.5-18.2.el4_7.1
  • lynx-0:2.8.5-28.1.el5_2.1
refmap via4
fedora
  • FEDORA-2008-9550
  • FEDORA-2008-9597
mandriva
  • MDVSA-2008:217
  • MDVSA-2008:218
mlist [oss-security] 20081009 lynx lynxcgi handler flaw
sectrack 1021105
secunia
  • 32416
  • 32967
  • 33568
suse SUSE-SR:2009:002
xf lynx-lynxcgi-code-execution(46228)
Last major update 21-08-2010 - 01:25
Published 22-10-2008 - 14:00
Last modified 28-09-2017 - 21:32