Vendor: Lynx
By: Unknown
CVSS: 7.5 (HIGH)
Buffer Overflow
CWE: 120
Product Name: Lynx
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested: Linux, Mac
Unknown

Buffer Overflow in Lynx’s Mailer

A buffer overflow exists in Lynx's built-in mailer that can be exploited when the victim tries to follow a hyperlink. Lynx makes a blind assumption about the e-mail address length and sprintfs it into a 512-byte buffer. The vulnerability is in LMail.c, in the processing of "mailto:" URLs. The overflow can be triggered by a 'mailto' hyperlink carrying a large amount of data, specifically over 2 kB of 'A's. This can lead to arbitrary code execution or a denial of service.
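The unchecked `sprintf` pattern described above, next to a bounded alternative, as an added example. This is not Lynx's LMail.c code: the function names, the "To:" header format and the return codes are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define ADDR_BUF_SIZE 512 /* buffer size stated in the advisory */

/* Unsafe pattern of the kind described above (illustrative only, not the
 * actual LMail.c source):
 *     char buf[ADDR_BUF_SIZE];
 *     sprintf(buf, "To: %s\n", address);    // length never checked
 */

/* Hypothetical helper: format the address part of a "mailto:" URL into a
 * "To:" header line. Returns 0 on success, -1 on bad input or a non-mailto
 * URL, -2 if the line would not fit in the caller's buffer. */
int format_to_header(const char *url, char *out, size_t out_size)
{
    static const char scheme[] = "mailto:";
    const char *addr;
    size_t addr_len;
    int n;

    if (url == NULL || out == NULL || out_size == 0)
        return -1;
    out[0] = '\0';
    if (strncmp(url, scheme, sizeof scheme - 1) != 0)
        return -1;
    addr = url + (sizeof scheme - 1);
    addr_len = strcspn(addr, "?");     /* stop at optional ?subject=... */
    if (addr_len >= out_size || addr_len > INT_MAX)
        return -2;                     /* cannot fit; also keeps the cast safe */
    /* snprintf writes at most out_size bytes and returns the length it
     * needed, so an over-long address is detected instead of overflowing. */
    n = snprintf(out, out_size, "To: %.*s\n", (int)addr_len, addr);
    if (n < 0 || (size_t)n >= out_size) {
        out[0] = '\0';                 /* reject rather than truncate */
        return -2;
    }
    return 0;
}

/* Constructed input: "mailto:" followed by n 'A's, checked against a
 * 512-byte destination like the one in the advisory. */
int try_address_of_length(size_t n)
{
    char url[4096] = "mailto:";        /* remaining bytes are zero-filled */
    char line[ADDR_BUF_SIZE];

    if (n > sizeof url - sizeof "mailto:")
        return -1;
    memset(url + 7, 'A', n);
    return format_to_header(url, line, sizeof line);
}
```

With a 512-byte destination, "To: " plus the newline leave room for an address of at most 506 bytes; anything longer is rejected with -2.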

Mitigation:

The vendor has not provided a patch or mitigation for this vulnerability. It is recommended to avoid using Lynx's built-in mailer or to update to a newer version if available.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/100/info

There exists a buffer overflow in Lynx's built-in mailer that can be exploited when the victim tries to follow a hyperlink. Lynx makes a blind assumption on e-mail address length, and sprintfs it into a 512-byte-long buffer. The vulnerability is in LMail.c as part of the processing of "mailto:" URLs.

<a href="mailto:AAAAAAAAA[...about 3 kB...]AAAA">MAIL ME!</a>

(you should use over 2 kB of 'A's, because there are also other small
buffers on lynx's stack at the time)