Home > Security > Advisories


Mandriva Advisories

Package name lynx
Date October 26th, 2005
Advisory ID MDKSA-2005:186-1
Affected versions 10.1, CS2.1, CS3.0, MNF2.0, 10.2, 2006.0
Synopsis Updated lynx packages fix remote buffer overflow

Problem Description

Ulf Harnhammar discovered a remote buffer overflow in lynx versions
2.8.2 through 2.8.5.

When Lynx connects to an NNTP server to fetch information about the
available articles in a newsgroup, it will call a function called
HTrjis() with the information from certain article headers. The
function adds missing ESC characters to certain data, to support
Asian character sets. However, it does not check if it writes outside
of the char array buf, and that causes a remote stack-based buffer
overflow, with full control over EIP, EBX, EBP, ESI and EDI.

Two attack vectors to make a victim visit a URL to a dangerous news
server are: (a) *redirecting scripts*, where the victim visits some
web page and it redirects automatically to a malicious URL, and
(b) *links in web pages*, where the victim visits some web page
and selects a link on the page to a malicious URL. Attack vector
(b) is helped by the fact that Lynx does not automatically display
where links lead to, unlike many graphical web browsers.

The updated packages have been patched to address this issue.


The previous patchset had a bug in the patches themselves, which was
uncovered by Klaus Singvogel of Novell/SUSE in auditing crashes on
some architectures.

Updated Packages

Mandrakelinux 10.1

 80e0addf6efd297866bba33f4b8070b6  10.1/RPMS/lynx-2.8.5-1.2.101mdk.i586.rpm
 13e5e506a05b448426d639d5e88a8896  10.1/SRPMS/lynx-2.8.5-1.2.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 db1f977046a8e8abd7d45d7345fde701  x86_64/10.1/RPMS/lynx-2.8.5-1.2.101mdk.x86_64.rpm
 13e5e506a05b448426d639d5e88a8896  x86_64/10.1/SRPMS/lynx-2.8.5-1.2.101mdk.src.rpm

Corporate Server 2.1

 8f85c354b06417711e13abe45dcbf0d8  corporate/2.1/RPMS/lynx-2.8.5-0.10.3.C21mdk.dev.8.i586.rpm
 74becbc3b1be96908c069180e36ff3b2  corporate/2.1/SRPMS/lynx-2.8.5-0.10.3.C21mdk.dev.8.src.rpm

Corporate Server 2.1/X86_64

 0a4e7145d0920dde82734f8036c50baa  x86_64/corporate/2.1/RPMS/lynx-2.8.5-0.10.3.C21mdk.dev.8.x86_64.rpm
 74becbc3b1be96908c069180e36ff3b2  x86_64/corporate/2.1/SRPMS/lynx-2.8.5-0.10.3.C21mdk.dev.8.src.rpm

Corporate Server 3.0

 a8ab3968700c864e01df9c74ccb017ca  corporate/3.0/RPMS/lynx-2.8.5-1.2.C30mdk.i586.rpm
 221f02f4e097a52c261bb6b3bfc2bbab  corporate/3.0/SRPMS/lynx-2.8.5-1.2.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 af94e8d31c6a756137dd04351ad61f08  x86_64/corporate/3.0/RPMS/lynx-2.8.5-1.2.C30mdk.x86_64.rpm
 221f02f4e097a52c261bb6b3bfc2bbab  x86_64/corporate/3.0/SRPMS/lynx-2.8.5-1.2.C30mdk.src.rpm

Multi Network Firewall 2.0

 6f0684f762fa2ac999d7ef2517525152  mnf/2.0/RPMS/lynx-2.8.5-1.2.M20mdk.i586.rpm
 13cad2c8ec6a61159e5b580758dad58b  mnf/2.0/SRPMS/lynx-2.8.5-1.2.M20mdk.src.rpm

Mandriva Linux LE2005

 d8007bd3e271f0f602babf443d9d2304  10.2/RPMS/lynx-2.8.5-1.2.102mdk.i586.rpm
 60109bc6dc9630175c87dd66c23a8e05  10.2/SRPMS/lynx-2.8.5-1.2.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

 9ceb656aac6be9eb6af021a2bfd661a6  x86_64/10.2/RPMS/lynx-2.8.5-1.2.102mdk.x86_64.rpm
 60109bc6dc9630175c87dd66c23a8e05  x86_64/10.2/SRPMS/lynx-2.8.5-1.2.102mdk.src.rpm

Mandriva Linux 2006

 f7887db43f04613eef47a56fd175a1cb  2006.0/RPMS/lynx-2.8.5-4.2.20060mdk.i586.rpm
 b121d10b5f27c29b8096c64c6c4416bb  2006.0/SRPMS/lynx-2.8.5-4.2.20060mdk.src.rpm

Mandriva Linux 2006/X86_64

 55cbe960a042601656919aa944602de2  x86_64/2006.0/RPMS/lynx-2.8.5-4.2.20060mdk.x86_64.rpm
 b121d10b5f27c29b8096c64c6c4416bb  x86_64/2006.0/SRPMS/lynx-2.8.5-4.2.20060mdk.src.rpm




To upgrade automatically, use MandrivaUpdate.


Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.