
Lynx < 2.8.5 dev 6 Syslog URI Format String

High

Synopsis

N/A

Description

The remote host is using Lynx as a web browser. The version in use is vulnerable to a format string flaw, which is present only when syslog() logging is activated for URIs. An attacker may exploit this flaw by setting up a rogue web server that serves a malformed URI containing a format string. The attacker would then be able to execute commands with the privileges of the user.
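The bug class described above, shown as an added example (this is not Lynx's code and not part of the plugin): `capture_log` is a hypothetical stand-in for `syslog()` that renders into a buffer so the result can be inspected, and the sample URI is constructed, using only `%%` so the unsafe path stays well-defined.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Constructed sample. "%%" is the one directive that consumes no argument,
 * so the unsafe path below is well-defined while still showing that the
 * URI is being parsed as a format string. */
static const char SAMPLE_URI[] = "http://example.invalid/a%%b";

/* Hypothetical stand-in for syslog(priority, fmt, ...): same format-string
 * contract, but the rendered line goes to a caller-supplied buffer. */
static void capture_log(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

/* Unsafe pattern: the server-controlled URI is used as the format string. */
const char *log_uri_unsafe(const char *uri)
{
    static char line[256];
    capture_log(line, sizeof line, uri);
    return line;
}

/* Fixed pattern: constant format string, URI passed only as data. */
const char *log_uri_safe(const char *uri)
{
    static char line[256];
    capture_log(line, sizeof line, "%s", uri);
    return line;
}

int main(void)
{
    printf("unsafe: %s\n", log_uri_unsafe(SAMPLE_URI));
    printf("safe:   %s\n", log_uri_safe(SAMPLE_URI));
    /* The same fix applied to the real call. */
    syslog(LOG_INFO, "%s", SAMPLE_URI);
    return 0;
}
```

The unsafe logger collapses `%%` to `%`, which shows the URI text is driving the formatter; the safe logger records the URI byte for byte.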

Solution

Upgrade to Lynx 2.8.5 dev 6 or higher.