Lynx user? Upgrade it!

Published: 2005-11-15
Last Updated: 2005-11-15 15:59:27 UTC
by Pedro Bueno (Version: 4)
0 comment(s)
If you are a lynx user, prepare yourself to upgrade it.
According to an advisory from iDefense, there is a Command Injection Vulnerability on it, that "could allow attackers to execute arbitrary commands with the privileges of the underlying user.".

Some patch links:

Development version 2.8.6dev.15 has been released to address this issue and is available from the following URLs:

Alternately, an incremental patch is available at:

There is also a workaround (described in the bulletin) for those who can't upgrade.

Disable "lynxcgi" links by specifying the following directive in lynx.cfg:


Handler on Duty: Pedro Bueno (pbueno //%%// isc. sans. org)
0 comment(s)


Diary Archives