[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

lynx-dev [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock /

From: Marc Heuse
Subject: lynx-dev [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x (fwd)
Date: Wed, 1 Sep 1999 23:13:01 +0200 (MEST)


this vulnerability was found some weeks ago ... when ( - if - ) will be an
security update available? thanks for your time.

lynx and telnet://

Compromise: remote messing with files, maybe more?

Lynx has a problem coming from calling external programs to handle
protocols like telnet://. Example: attempt of viewing 'telnet://-n.rhosts'
URL will result in empty, new and shiny .rhosts file. Unfortunately, as
telnet client has session logging off by default, no idea how to put
something there?

   Marc Heuse, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
   address@hidden: address@hidden  Function: Security Support & Auditing
   "lynx -source | pgp -fka"
Key fingerprint = B5 07 B6 4E 9C EF 27 EE  16 D9 70 D4 87 B5 63 6C

reply via email to

[Prev in Thread] Current Thread [Next in Thread]