
Test ID: 1.3.6.1.4.1.25623.1.0.62811
Category: Fedora Local Security Checks
Title: Fedora Core 9 FEDORA-2008-9550 (lynx)
Summary: NOSUMMARY
Description:

The remote host is missing an update to lynx
announced via advisory FEDORA-2008-9550.

Lynx is a text-based Web browser. Lynx does not display any images,
but it does support frames, tables, and most other HTML tags. One
advantage Lynx has over graphical browsers is speed; Lynx starts and
exits quickly and swiftly displays webpages.

ChangeLog:

* Mon Nov 10 2008 Jiri Moskovcak 2.8.6-17
- Fixed CVE-2008-4690 lynx: remote arbitrary command execution
  via a crafted lynxcgi: URL (thoger)
* Fri May 30 2008 Jiri Moskovcak 2.8.6-16
- updated to latest stable upstream version 2.8.6rel5
* Fri May 23 2008 Dennis Gilmore - 2.8.6-15.1
- minor rebuild on sparc
* Sat May 17 2008 Dennis Gilmore - 2.8.6-15
- even with the patches it still built wrong in koji.
- limit -j to 24 for sparc
* Thu May 8 2008 Dennis Gilmore - 2.8.6-14
- patch from ajax to fix parallel builds
- additional patch from me for parallel builds
- set default home page to start.fedoraproject.org
References:

[ 1 ] Bug #468184 - CVE-2008-4690 lynx: remote arbitrary command execution via a crafted lynxcgi: URL
https://bugzilla.redhat.com/show_bug.cgi?id=468184





Solution: Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update lynx' at the command line.
For more information, refer to Managing Software with yum,
available at http://docs.fedoraproject.org/yum/.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2008-9550

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-4690
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00066.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00143.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:217
http://www.mandriva.com/security/advisories?name=MDVSA-2008:218
http://www.openwall.com/lists/oss-security/2008/10/09/2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11204
http://www.redhat.com/support/errata/RHSA-2008-0965.html
http://www.securitytracker.com/id?1021105
http://secunia.com/advisories/32416
http://secunia.com/advisories/32967
http://secunia.com/advisories/33568
SuSE Security Announcement: SUSE-SR:2009:002
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
XForce ISS Database: lynx-lynxcgi-code-execution(46228)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46228
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
