Scientific Linux Security Update : lynx on SL3.x, SL4.x, SL5.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.

Synopsis :

The remote Scientific Linux host is missing a security update.

Description :

An arbitrary command execution flaw was found in the Lynx 'lynxcgi:'
URI handler. An attacker could create a web page redirecting to a
malicious URL that could execute arbitrary code as the user running
Lynx in the non-default 'Advanced' user mode. (CVE-2008-4690)

Note: In these updated lynx packages, Lynx will always prompt users
before loading a 'lynxcgi:' URI. Additionally, the default lynx.cfg
configuration file now marks all 'lynxcgi:' URIs as untrusted by

A flaw was found in a way Lynx handled '.mailcap' and '.mime.types'
configuration files. Files in the browser's current working directory
were opened before those in the user's home directory. A local
attacker, able to convince a user to run Lynx in a directory under
their control, could possibly execute arbitrary commands as the user
running Lynx. (CVE-2006-7234)

See also :

Solution :

Update the affected lynx package.

Risk factor :

Critical / CVSS Base Score : 10.0

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60486 ()

Bugtraq ID:

CVE ID: CVE-2006-7234

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now