Upstream information

CVE-2008-4690 at MITRE

Description

lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores (National Vulnerability Database)

  Base Score: 10
  Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
  Access Vector: Network
  Access Complexity: Low
  Authentication: None
  Confidentiality Impact: Complete
  Integrity Impact: Complete
  Availability Impact: Complete

SUSE Bugzilla entry: 439149 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Software Development Kit 11 SP4
  • lynx >= 2.8.6-143.19
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA lynx
SUSE Linux Enterprise SDK 10 SP2
  • lynx >= 2.8.5-51.6
core9.s390x
core9.s390
sle10-sp2-sdk.ppc
core9.ia64
sles9-nld.x86
sles9-nld.x86-64
sle10-sp2-sdk.x86-64
sle10-sp2-sdk.s390x
core9.ppc
sle10-sp2-sdk.ia64
core9.x86
sle10-sp2-sdk.x86
core9.x86-64
ZYPP Patch Nr: 5721
Novell Linux Desktop 9 SDK for x86
Novell Linux Desktop 9 SDK for x86_64
SLES SDK 9 for IBM S/390 and IBM zSeries
SLES SDK 9 for IBM iSeries and IBM pSeries
SLES SDK 9 for IBM zSeries
SLES SDK 9 for IPF
SLES SDK 9 for X86-64
SLES SDK 9 for x86
  • lynx >= 2.8.5-30.9
core9.s390x
core9.s390
sle10-sp2-sdk.ppc
core9.ia64
sles9-nld.x86
sles9-nld.x86-64
sle10-sp2-sdk.x86-64
sle10-sp2-sdk.s390x
core9.ppc
sle10-sp2-sdk.ia64
core9.x86
sle10-sp2-sdk.x86
core9.x86-64
ZYPP Patch Nr: 5721
openSUSE 11.0
  • lynx-debuginfo >= 2.8.6-109.2
openSUSE 11.0
  • lynx >= 2.8.6-109.2
openSUSE Leap 42.1
  • lynx >= 2.8.7-3.2
Patchnames:
openSUSE Leap 42.1 GA lynx
openSUSE Leap 42.2
  • lynx >= 2.8.7-4.4
Patchnames:
openSUSE Leap 42.2 GA lynx
openSUSE Leap 42.3
  • lynx >= 2.8.7-9.4
Patchnames:
openSUSE Leap 42.3 GA lynx
openSUSE Tumbleweed
  • lynx >= 2.8.8rel.2-4.13
Patchnames:
openSUSE Tumbleweed GA lynx