CVE-2005-3120

Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.
References
Link Resource
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt Broken Link
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt Broken Link
http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html Broken Link Patch Vendor Advisory
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html Broken Link
http://secunia.com/advisories/17150 Broken Link
http://secunia.com/advisories/17216 Broken Link
http://secunia.com/advisories/17230 Broken Link
http://secunia.com/advisories/17231 Broken Link
http://secunia.com/advisories/17238 Broken Link
http://secunia.com/advisories/17248 Broken Link
http://secunia.com/advisories/17340 Broken Link
http://secunia.com/advisories/17360 Broken Link
http://secunia.com/advisories/17444 Broken Link
http://secunia.com/advisories/17445 Broken Link
http://secunia.com/advisories/17480 Broken Link
http://secunia.com/advisories/18376 Broken Link
http://secunia.com/advisories/18584 Broken Link
http://secunia.com/advisories/20383 Broken Link
http://securitytracker.com/id?1015065 Broken Link Third Party Advisory VDB Entry
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056 Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm Third Party Advisory
http://www.debian.org/security/2005/dsa-874 Mailing List Third Party Advisory
http://www.debian.org/security/2005/dsa-876 Mailing List Third Party Advisory
http://www.debian.org/security/2006/dsa-1085 Mailing List Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200510-15.xml Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:186 Third Party Advisory
http://www.novell.com/linux/security/advisories/2005_25_sr.html Broken Link
http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html Broken Link
http://www.redhat.com/support/errata/RHSA-2005-803.html Broken Link Vendor Advisory
http://www.securityfocus.com/archive/1/419763/100/0/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/435689/30/4740/threaded Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/15117 Broken Link Third Party Advisory VDB Entry
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253 Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9257 Broken Link
https://usn.ubuntu.com/206-1/ Broken Link
Configurations

Configuration 1

cpe:2.3:a:invisible-island:lynx:*:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

History

21 Nov 2024, 00:01

Type Values Removed Values Added
References () ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt - Broken Link () ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt - Broken Link
References () ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt - Broken Link () ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt - Broken Link
References () http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html - Broken Link, Patch, Vendor Advisory () http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html - Broken Link, Patch, Vendor Advisory
References () http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html - Broken Link () http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html - Broken Link
References () http://secunia.com/advisories/17150 - Broken Link () http://secunia.com/advisories/17150 - Broken Link
References () http://secunia.com/advisories/17216 - Broken Link () http://secunia.com/advisories/17216 - Broken Link
References () http://secunia.com/advisories/17230 - Broken Link () http://secunia.com/advisories/17230 - Broken Link
References () http://secunia.com/advisories/17231 - Broken Link () http://secunia.com/advisories/17231 - Broken Link
References () http://secunia.com/advisories/17238 - Broken Link () http://secunia.com/advisories/17238 - Broken Link
References () http://secunia.com/advisories/17248 - Broken Link () http://secunia.com/advisories/17248 - Broken Link
References () http://secunia.com/advisories/17340 - Broken Link () http://secunia.com/advisories/17340 - Broken Link
References () http://secunia.com/advisories/17360 - Broken Link () http://secunia.com/advisories/17360 - Broken Link
References () http://secunia.com/advisories/17444 - Broken Link () http://secunia.com/advisories/17444 - Broken Link
References () http://secunia.com/advisories/17445 - Broken Link () http://secunia.com/advisories/17445 - Broken Link
References () http://secunia.com/advisories/17480 - Broken Link () http://secunia.com/advisories/17480 - Broken Link
References () http://secunia.com/advisories/18376 - Broken Link () http://secunia.com/advisories/18376 - Broken Link
References () http://secunia.com/advisories/18584 - Broken Link () http://secunia.com/advisories/18584 - Broken Link
References () http://secunia.com/advisories/20383 - Broken Link () http://secunia.com/advisories/20383 - Broken Link
References () http://securitytracker.com/id?1015065 - Broken Link, Third Party Advisory, VDB Entry () http://securitytracker.com/id?1015065 - Broken Link, Third Party Advisory, VDB Entry
References () http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056 - Broken Link () http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056 - Broken Link
References () http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm - Third Party Advisory () http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm - Third Party Advisory
References () http://www.debian.org/security/2005/dsa-874 - Mailing List, Third Party Advisory () http://www.debian.org/security/2005/dsa-874 - Mailing List, Third Party Advisory
References () http://www.debian.org/security/2005/dsa-876 - Mailing List, Third Party Advisory () http://www.debian.org/security/2005/dsa-876 - Mailing List, Third Party Advisory
References () http://www.debian.org/security/2006/dsa-1085 - Mailing List, Third Party Advisory () http://www.debian.org/security/2006/dsa-1085 - Mailing List, Third Party Advisory
References () http://www.gentoo.org/security/en/glsa/glsa-200510-15.xml - Third Party Advisory () http://www.gentoo.org/security/en/glsa/glsa-200510-15.xml - Third Party Advisory
References () http://www.mandriva.com/security/advisories?name=MDKSA-2005:186 - Third Party Advisory () http://www.mandriva.com/security/advisories?name=MDKSA-2005:186 - Third Party Advisory
References () http://www.novell.com/linux/security/advisories/2005_25_sr.html - Broken Link () http://www.novell.com/linux/security/advisories/2005_25_sr.html - Broken Link
References () http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html - Broken Link () http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2005-803.html - Broken Link, Vendor Advisory () http://www.redhat.com/support/errata/RHSA-2005-803.html - Broken Link, Vendor Advisory
References () http://www.securityfocus.com/archive/1/419763/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/419763/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/archive/1/435689/30/4740/threaded - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/435689/30/4740/threaded - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securityfocus.com/bid/15117 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/15117 - Broken Link, Third Party Advisory, VDB Entry
References () https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253 - Issue Tracking () https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253 - Issue Tracking
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9257 - Broken Link () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9257 - Broken Link
References () https://usn.ubuntu.com/206-1/ - Broken Link () https://usn.ubuntu.com/206-1/ - Broken Link

02 Feb 2024, 14:00

Type Values Removed Values Added
CWE NVD-CWE-Other CWE-131
References (SECUNIA) http://secunia.com/advisories/18584 - (SECUNIA) http://secunia.com/advisories/18584 - Broken Link
References (SECUNIA) http://secunia.com/advisories/17231 - (SECUNIA) http://secunia.com/advisories/17231 - Broken Link
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDKSA-2005:186 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDKSA-2005:186 - Third Party Advisory
References (SECTRACK) http://securitytracker.com/id?1015065 - (SECTRACK) http://securitytracker.com/id?1015065 - Broken Link, Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/17238 - (SECUNIA) http://secunia.com/advisories/17238 - Broken Link
References (FULLDISC) http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html - Patch, Vendor Advisory (FULLDISC) http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html - Broken Link, Patch, Vendor Advisory
References (BUGTRAQ) http://www.securityfocus.com/archive/1/435689/30/4740/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/435689/30/4740/threaded - Broken Link, Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/17248 - (SECUNIA) http://secunia.com/advisories/17248 - Broken Link
References (DEBIAN) http://www.debian.org/security/2005/dsa-876 - (DEBIAN) http://www.debian.org/security/2005/dsa-876 - Mailing List, Third Party Advisory
References (DEBIAN) http://www.debian.org/security/2005/dsa-874 - (DEBIAN) http://www.debian.org/security/2005/dsa-874 - Mailing List, Third Party Advisory
References (OPENPKG) http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html - (OPENPKG) http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html - Broken Link
References (UBUNTU) https://usn.ubuntu.com/206-1/ - (UBUNTU) https://usn.ubuntu.com/206-1/ - Broken Link
References (SECUNIA) http://secunia.com/advisories/17340 - (SECUNIA) http://secunia.com/advisories/17340 - Broken Link
References (BID) http://www.securityfocus.com/bid/15117 - (BID) http://www.securityfocus.com/bid/15117 - Broken Link, Third Party Advisory, VDB Entry
References (SUSE) http://www.novell.com/linux/security/advisories/2005_25_sr.html - (SUSE) http://www.novell.com/linux/security/advisories/2005_25_sr.html - Broken Link
References (SCO) ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt - (SCO) ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt - Broken Link
References (FEDORA) http://www.securityfocus.com/archive/1/419763/100/0/threaded - (FEDORA) http://www.securityfocus.com/archive/1/419763/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References (SCO) ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt - (SCO) ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt - Broken Link
References (GENTOO) http://www.gentoo.org/security/en/glsa/glsa-200510-15.xml - (GENTOO) http://www.gentoo.org/security/en/glsa/glsa-200510-15.xml - Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/17230 - (SECUNIA) http://secunia.com/advisories/17230 - Broken Link
References (SECUNIA) http://secunia.com/advisories/18376 - (SECUNIA) http://secunia.com/advisories/18376 - Broken Link
References (SLACKWARE) http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056 - (SLACKWARE) http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056 - Broken Link
References (SECUNIA) http://secunia.com/advisories/17150 - (SECUNIA) http://secunia.com/advisories/17150 - Broken Link
References (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9257 - (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9257 - Broken Link
References (TRUSTIX) http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html - (TRUSTIX) http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html - Broken Link
References (SECUNIA) http://secunia.com/advisories/17445 - (SECUNIA) http://secunia.com/advisories/17445 - Broken Link
References (DEBIAN) http://www.debian.org/security/2006/dsa-1085 - (DEBIAN) http://www.debian.org/security/2006/dsa-1085 - Mailing List, Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/17216 - (SECUNIA) http://secunia.com/advisories/17216 - Broken Link
References (SECUNIA) http://secunia.com/advisories/17444 - (SECUNIA) http://secunia.com/advisories/17444 - Broken Link
References (SECUNIA) http://secunia.com/advisories/17480 - (SECUNIA) http://secunia.com/advisories/17480 - Broken Link
References (SECUNIA) http://secunia.com/advisories/20383 - (SECUNIA) http://secunia.com/advisories/20383 - Broken Link
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2005-803.html - Vendor Advisory (REDHAT) http://www.redhat.com/support/errata/RHSA-2005-803.html - Broken Link, Vendor Advisory
References (CONFIRM) http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm - (CONFIRM) http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm - Third Party Advisory
References (MISC) https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253 - Vendor Advisory (MISC) https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253 - Issue Tracking
References (SECUNIA) http://secunia.com/advisories/17360 - (SECUNIA) http://secunia.com/advisories/17360 - Broken Link
CPE (removed):
cpe:2.3:a:university_of_kansas:lynx:2.8.6_dev13:*:*:*:*:*:*:*
cpe:2.3:a:university_of_kansas:lynx:2.8.4:*:*:*:*:*:*:*
cpe:2.3:a:university_of_kansas:lynx:2.8.3:*:*:*:*:*:*:*
cpe:2.3:a:university_of_kansas:lynx:2.8.6:*:*:*:*:*:*:*
CPE (added):
cpe:2.3:a:invisible-island:lynx:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
First Time (added): Invisible-island; Debian; Debian debian Linux; Invisible-island lynx
CVSS (removed): v2 : 7.5, v3 : unknown
CVSS (added): v2 : 7.5, v3 : 9.8

Information

Published : 2005-10-17 20:06

Updated : 2024-11-21 00:01


NVD link : CVE-2005-3120

Mitre link : CVE-2005-3120

CVE.ORG link : CVE-2005-3120



Products Affected

debian

  • debian_linux

invisible-island

  • lynx
CWE
CWE-131

Incorrect Calculation of Buffer Size