Vulnerability CVE-2005-3120

Vulnerability Name:

CVE-2005-3120 (CCN-22755)

Assigned:

2005-10-17

Published:

2005-10-17

Updated:

2018-10-19

Summary:

Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: SCO
Type: UNKNOWN
SCOSA-2006.7

Source: SCO
Type: UNKNOWN
SCOSA-2005.47

Source: MITRE
Type: CNA
CVE-2005-3120

Source: FULLDISC
Type: Patch, Vendor Advisory
20051017 Lynx Remote Buffer Overflow

Source: TRUSTIX
Type: UNKNOWN
TSLSA-2005-0059

Source: CCN
Type: Lynx Web site
Lynx Information

Source: CCN
Type: RHSA-2005-803
lynx security update

Source: SECUNIA
Type: UNKNOWN
17150

Source: CCN
Type: SA17216
Lynx "HTrjis()" NNTP Buffer Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
17216

Source: SECUNIA
Type: UNKNOWN
17230

Source: SECUNIA
Type: UNKNOWN
17231

Source: SECUNIA
Type: UNKNOWN
17238

Source: SECUNIA
Type: UNKNOWN
17248

Source: SECUNIA
Type: UNKNOWN
17340

Source: SECUNIA
Type: UNKNOWN
17360

Source: SECUNIA
Type: UNKNOWN
17444

Source: SECUNIA
Type: UNKNOWN
17445

Source: SECUNIA
Type: UNKNOWN
17480

Source: SECUNIA
Type: UNKNOWN
18376

Source: CCN
Type: SA18584
Avaya S87XX/S8500/S8300 Lynx "HTrjis()" NNTP Buffer Overflow

Source: SECUNIA
Type: UNKNOWN
18584

Source: SECUNIA
Type: UNKNOWN
20383

Source: CCN
Type: SECTRACK ID: 1015065
Lynx Buffer Overflow in HTrjis() in Processing NNTP Headers Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1015065

Source: SLACKWARE
Type: UNKNOWN
SSA:2005-310-03

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-010.htm

Source: CCN
Type: ASA-2006-010
lynx security update (RHSA-2005-803)

Source: CCN
Type: ASA-2006-030
Lynx NNTP Buffer Overflow Vulnerability in UnixWare (SCOSA-2005.47)

Source: DEBIAN
Type: UNKNOWN
DSA-874

Source: DEBIAN
Type: UNKNOWN
DSA-876

Source: DEBIAN
Type: UNKNOWN
DSA-1085

Source: DEBIAN
Type: DSA-1085
lynx-cur -- several vulnerabilities

Source: DEBIAN
Type: DSA-874
lynx -- buffer overflow

Source: DEBIAN
Type: DSA-876
lynx-ssl -- buffer overflow

Source: CCN
Type: GLSA-200510-15
Lynx: Buffer overflow in NNTP processing

Source: GENTOO
Type: UNKNOWN
GLSA-200510-15

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:186

Source: SUSE
Type: UNKNOWN
SUSE-SR:2005:025

Source: CCN
Type: OpenPKG-SA-2005.026
Lynx

Source: OPENPKG
Type: UNKNOWN
OpenPKG-SA-2005.026

Source: REDHAT
Type: Vendor Advisory
RHSA-2005:803

Source: FEDORA
Type: UNKNOWN
FLSA:152832

Source: BUGTRAQ
Type: UNKNOWN
20060602 Re: [SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities

Source: BID
Type: UNKNOWN
15117

Source: CCN
Type: BID-15117
Lynx NNTP Article Header Buffer Overflow Vulnerability

Source: CCN
Type: USN-206-1
Lynx vulnerability

Source: CCN
Type: USN-206-2
Fixed lynx packages for USN-206-1

Source: MISC
Type: Vendor Advisory
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170253

Source: XF
Type: UNKNOWN
lynx-htrjis-bo(22755)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9257

Source: UBUNTU
Type: UNKNOWN
USN-206-1

Source: SUSE
Type: SUSE-SR:2005:025
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:university_of_kansas:lynx:2.8.3:*:*:*:*:*:*:*

OR cpe:/a:university_of_kansas:lynx:2.8.4:*:*:*:*:*:*:*

OR cpe:/a:university_of_kansas:lynx:2.8.6:*:*:*:*:*:*:*

OR cpe:/a:university_of_kansas:lynx:2.8.6_dev13:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20053120	V	CVE-2005-3120	2015-11-16
oval:org.mitre.oval:def:9257	V	Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.	2013-04-29
oval:com.redhat.rhsa:def:20050803	P	RHSA-2005:803: lynx security update (Critical)	2007-01-26
oval:org.debian:def:1085	V	several vulnerabilities	2006-06-01
oval:org.debian:def:874	V	buffer overflow	2005-10-27
oval:org.debian:def:876	V	buffer overflow	2005-10-27

BACK