
SANS ISC: InfoSec Handlers Diary Blog - Lynx user? Upgrade it! InfoSec Handlers Diary Blog


Lynx user? Upgrade it!

Published: 2005-11-15
Last Updated: 2005-11-15 15:59:27 UTC
by Pedro Bueno (Version: 4)
If you are a Lynx user, prepare to upgrade.
According to an advisory from iDefense, Lynx has a command injection vulnerability that "could allow attackers to execute arbitrary commands with the privileges of the underlying user."

Some patch links:

Development version 2.8.6dev.15 has been released to address this issue and is available from the following URLs:

Alternately, an incremental patch is available at:

There is also a workaround (described in the bulletin) for those who can't upgrade.

Disable "lynxcgi" links by specifying the following directive in lynx.cfg:


Handler on Duty: Pedro Bueno (pbueno //%%// isc. sans. org)