Lynx < 2.8.5 dev 6 Syslog URI Format String

Nessus Network Monitor Plugin ID 1737 (Severity: High)

Synopsis

The remote host is using Lynx as a web browser.

Description

The remote host is using Lynx as a web browser. The version in use is affected by a format string vulnerability, which is present only when syslog() logging of URIs is enabled. An attacker may exploit this flaw by setting up a rogue web server that serves a malformed URI containing a format string. The attacker would then be able to execute commands with the privileges of the user.
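The bug class described above, as an added example that is not Lynx source code or part of the plugin: it counts the conversions syslog() would interpret if a URI were passed as the format argument, and shows the constant-format call that avoids the problem. All function names and the sample URI are hypothetical; note that ordinary percent-encoding such as `%20d` or `%2F` already parses as a conversion, so filtering URIs is not a substitute for the constant format.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Conversion characters a syslog() format acts on; 'm' is syslog's errno text. */
#define CONVERSIONS "diouxXeEfFgGaAcspnm"

/* Count the printf-style conversions in s, i.e. what would be interpreted
 * if s were passed as the format argument. */
int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (*++s == '%') continue;              /* "%%" is a literal percent */
        s += strspn(s, "-+ #0");                /* flags */
        s += strspn(s, "0123456789*");          /* field width */
        if (*s == '.') s += 1 + strspn(s + 1, "0123456789*");  /* precision */
        s += strspn(s, "hlLqjzt");              /* length modifiers */
        if (!*s) break;
        if (strchr(CONVERSIONS, *s)) n++;
        else s--;                               /* re-examine this character */
    }
    return n;
}

/* Fixed pattern: the format is a constant and the URI is only an argument.
 * The flawed pattern this replaces is syslog(LOG_INFO, uri). */
void log_uri(const char *uri)
{
    syslog(LOG_INFO, "%s", uri);
}

/* Same constant-format rule, rendered into a buffer so the result can be checked. */
int render_uri_entry(char *out, size_t outsz, const char *uri)
{
    return snprintf(out, outsz, "URI: %s", uri);
}

int main(void)
{
    const char *uri = "http://host.example/a%20dir/%2Findex";  /* constructed sample */
    char line[128];
    render_uri_entry(line, sizeof line, uri);
    printf("%d conversions if used as a format; logged as: %s\n",
           count_conversions(uri), line);
    return 0;
}
```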

Solution

Upgrade to Lynx 2.8.5 dev 6 or higher.

Plugin Details

Severity: High

ID: 1737

File Name: 1737.prm

Family: Web Clients

Published: 2004/08/20

Modified: 2016/02/05

Dependencies: 1735, 8314

Risk Information

Risk Factor: High

Vulnerability Information

CPE: cpe:/a:lynx:lynx

Reference Information

BID: 6696