exploits , vulnerabilities , articles , Lynx NNTP Article Header Buffer Overflow Vulnerability

Title	Lynx NNTP Article Header Buffer Overflow Vulnerability
Published	2005-10-17-12:00AM
Updated	2005-12-19-04:21PM
Class	Boundary Condition Error
CVE	CAN-2005-3120 CVE-2005-3120
Remote	Yes
Local	No
Credit	Discovery is credited to Ulf Harnhammar.
Vulnerable	University of Kansas Lynx 2.8.6 dev9 University of Kansas Lynx 2.8.6 dev8 University of Kansas Lynx 2.8.6 dev7 University of Kansas Lynx 2.8.6 dev6 University of Kansas Lynx 2.8.6 dev5 University of Kansas Lynx 2.8.6 dev4 University of Kansas Lynx 2.8.6 dev3 University of Kansas Lynx 2.8.6 dev2 University of Kansas Lynx 2.8.6 dev13 University of Kansas Lynx 2.8.6 dev12 University of Kansas Lynx 2.8.6 dev11 University of Kansas Lynx 2.8.6 dev10 University of Kansas Lynx 2.8.6 dev1 University of Kansas Lynx 2.8.5 dev.8 MandrakeSoft Linux Mandrake 7.2 MandrakeSoft Linux Mandrake 8.0 MandrakeSoft Linux Mandrake 8.0 ppc MandrakeSoft Linux Mandrake 8.1 MandrakeSoft Linux Mandrake 8.1 ia64 MandrakeSoft Linux Mandrake 8.2 MandrakeSoft Linux Mandrake 8.2 ppc MandrakeSoft Linux Mandrake 9.0 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Single Network Firewall 7.2 University of Kansas Lynx 2.8.5 dev.5 University of Kansas Lynx 2.8.5 dev.4 University of Kansas Lynx 2.8.5 dev.3 University of Kansas Lynx 2.8.5 dev.2 University of Kansas Lynx 2.8.5 University of Kansas Lynx 2.8.4 rel.1 University of Kansas Lynx 2.8.4 Caldera OpenLinux Server 3.1 Caldera OpenLinux Server 3.1.1 Caldera OpenLinux Workstation 3.1 Caldera OpenLinux Workstation 3.1.1 Conectiva Linux 7.0 Conectiva Linux 8.0 Debian Linux 3.0 RedHat Linux for iSeries 7.1 RedHat Linux for pSeries 7.1 Sun Linux 5.0.6 Trustix Secure Linux 1.1 Trustix Secure Linux 1.2 Trustix Secure Linux 1.5 University of Kansas Lynx 2.8.3 rel.1 University of Kansas Lynx 2.8.3 pre.5 University of Kansas Lynx 2.8.3 dev2x University of Kansas Lynx 2.8.3 dev.22 University of Kansas Lynx 2.8.3 Debian Linux 2.2 University of Kansas Lynx 2.8.2 rel.1 University of Kansas Lynx 2.8.1 University of Kansas Lynx 2.8 University of Kansas Lynx 2.7 Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Secure Enterprise Linux 2.0 Slackware Linux 10.2 Slackware Linux 10.1 Slackware Linux 10.0 Slackware Linux 9.1 Slackware Linux 9.0 Slackware Linux 8.1 Slackware Linux current SGI Advanced Linux Environment 3.0 SCO Unixware 7.1.4 SCO Unixware 7.1.3 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. OpenEnterpriseServer 9.0 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Professional 9.0 x86_64 S.u.S.E. Linux Professional 9.0 S.u.S.E. Linux Professional 8.2 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise Server 8 S.u.S.E. Linux Desktop 1.0 RedHat Linux 9.0 i386 RedHat Linux 7.3 i386 RedHat Fedora Core4 RedHat Fedora Core3 RedHat Fedora Core2 RedHat Fedora Core1 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux AS 2.1 RedHat Desktop 4.0 RedHat Desktop 3.0 RedHat Advanced Workstation for the Itanium Processor 2.1 IA64 OpenPKG OpenPKG 2.5 OpenPKG OpenPKG 2.4 OpenPKG OpenPKG 2.3 OpenPKG OpenPKG Current Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia64 Debian Linux 3.1 ia32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 ia64 Debian Linux 3.0 ia32 Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 alpha Debian Linux 3.0 Conectiva Linux 10.0
Not Vulnerable	University of Kansas Lynx 2.8.6 dev14
Code	A proof-of-concept denial of service exploit is included in the attached 'lynx-data.zip' file: /data/vulnerabilities/exploits/lynx-data.zip /data/vulnerabilities/exploits/lynx-data.zip /data/vulnerabilities/exploits/lynx-data.zip /data/vulnerabilities/exploits/lynx-data.zip
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-18 Drupal Contact and Menu Modules Multiple HTML Injection Vulnerabilities
• 2009-12-18 Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
• 2009-12-18 Mozilla Firefox CVE-2009-3982 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities
• 2009-12-17 Zen Cart Insecure File and Programs Information Disclosure and Database Deletion Vulnerability
• 2009-12-17 Winamp Module Decoder Plugin Multiple Buffer Overflow Vulnerabilities
• 2009-12-17 Winamp JPEG and PNG Multiple Integer Overflow Vulnerabilities
• 2009-12-17 HP OpenView Storage Data Protector Stack Buffer Overflow Vulnerability
• 2009-12-17 IBM WebSphere Application Server Feature Pack for CEA Spoofing Vulnerability
• 2009-12-17 Digital Scribe Cross Site Scripting and SQL Injection Vulnerabilities
• 2009-12-17 WP-Forum WordPress Plugin Multiple SQL Injection Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Fri, 18 Dec 2009 17:02:09 +0000