CVE-2005-3120
Summary
| CVE | CVE-2005-3120 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2005-10-17 20:06:00 UTC |
|---|
| Updated | 2024-02-02 14:00:00 UTC |
|---|
| Description | Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Secunia - Advisories - Debian update for lynx |
SECUNIA |
secunia.com |
|
| USN-206-1: Lynx vulnerability | Ubuntu security notices |
UBUNTU |
usn.ubuntu.com |
|
| The Slackware Linux Project: Slackware Security Advisories |
SLACKWARE |
slackware.com |
|
| Debian update for lynx-cur - Advisories - Secunia |
SECUNIA |
secunia.com |
|
| Secunia - Advisories - Gentoo update for lynx |
SECUNIA |
secunia.com |
|
| Secunia - Advisories - Lynx "HTrjis()" NNTP Buffer Overflow Vulnerability |
SECUNIA |
secunia.com |
|
| Secunia - Advisories - UnixWare update for lynx |
SECUNIA |
secunia.com |
|
| SecurityTracker.com Archives - Lynx Buffer Overflow in HTrjis() in Processing NNTP Headers Lets Remote Users Execute Arbitrary Code |
SECTRACK |
securitytracker.com |
|
| Secunia - Advisories - Avaya S87XX/S8500/S8300 Lynx "HTrjis()" NNTP Buffer Overflow |
SECUNIA |
secunia.com |
|
| Gentoo Linux Documentation
--
Lynx: Buffer overflow in NNTP processing |
GENTOO |
www.gentoo.org |
|
| SecurityFocus |
BUGTRAQ |
www.securityfocus.com |
|
| Secunia - Advisories - Debian update for lynx-ssl |
SECUNIA |
secunia.com |
|
| Secunia - Advisories - Slackware update for lynx |
SECUNIA |
secunia.com |
|
| Advisories - Mandriva |
MANDRIVA |
www.mandriva.com |
|
| TSLSA-2005-0059 - multi |
TRUSTIX |
lists.trustix.org |
|
| SCOSA-2006.7 |
SCO |
ftp.sco.com |
|
| Secunia - Advisories - SCO OpenServer update for lynx |
SECUNIA |
secunia.com |
|
| Security Announcement |
SUSE |
www.novell.com |
|
| Secunia - Advisories - Fedora update for lynx |
SECUNIA |
secunia.com |
|
| 170253 – (CVE-2005-3120) CAN-2005-3120 lynx buffer overflow |
MISC |
bugzilla.redhat.com |
Vendor Advisory |
| Secunia - Advisories - Red Hat update for lynx |
SECUNIA |
secunia.com |
|
| SecurityFocus |
FEDORA |
www.securityfocus.com |
|
| Lynx NNTP Article Header Buffer Overflow Vulnerability |
BID |
www.securityfocus.com |
|
| OpenPKG Project: Security: Security Advisories |
OPENPKG |
www.openpkg.org |
|
| Debian -- Security Information -- DSA-876-1 lynx-ssl |
DEBIAN |
www.debian.org |
|
| SCOSA-2005.47 |
SCO |
ftp.sco.com |
|
| 1. Overview: |
CONFIRM |
support.avaya.com |
|
| Debian -- Security Information -- DSA-1085-1 lynx-cur |
DEBIAN |
www.debian.org |
|
| Secunia - Advisories - Mandriva update for lynx |
SECUNIA |
secunia.com |
|
| Repository / Oval Repository |
OVAL |
oval.cisecurity.org |
|
| Secunia - Advisories - SUSE Updates for Multiple Packages |
SECUNIA |
secunia.com |
|
| rhn.redhat.com | Red Hat Support |
REDHAT |
www.redhat.com |
Vendor Advisory |
| Secunia - Advisories - Ubuntu update for lynx |
SECUNIA |
secunia.com |
|
| [Full-disclosure] Lynx Remote Buffer Overflow |
FULLDISC |
lists.grok.org.uk |
Patch, Vendor Advisory |
| Debian -- Security Information -- DSA-874-1 lynx |
DEBIAN |
www.debian.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|
| Red Hat | 2007-03-14 | Mark J Cox | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
There are currently no legacy QID mappings associated with this CVE.
