[ http://www.rootshell.com/ ] Date: Tue, 17 Mar 1998 16:27:29 +0100 From: Michal Zalewski Subject: Very, very ugly remote lynx 2.7.1 hole While poking around lynx protocol handling routines, I found this very big, ugly remote hole: CLICK HERE It allows remote execution of any code on viewer's machine. Also, by setting 'Method' field to 0 or more, you may crash lynx, but it isn't so exciting as above URL. Also, it's possible to parse /dev/zero as 'File', also not funny. Greetings, _______________________________________________________________________ Michal Zalewski [tel 9690] | finger 4 PGP [lcamtuf@boss.staszic.waw.pl] Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deustch] =--------------- [ echo "\$0&\$0">_;chmod +x _;./_ ] -----------------= Date: Tue, 17 Mar 1998 17:56:56 +0100 (CET) From: Michal Zalewski To: info@rootshell.com, crv@oliver.efri.hr Subject: lynx remote command execution Following href exploits lynx remote hole. It executes "echo + +>~/.rhosts": CLICK HERE More details about vunerability at BUGTRAQ (coming soon ;).