
Test ID: 1.3.6.1.4.1.25623.1.0.61727
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDVSA-2008:217 (lynx)
Summary: NOSUMMARY
Description:

The remote host is missing an update to lynx
announced via advisory MDVSA-2008:217.

A flaw was found in the way Lynx handled .mailcap and .mime.types
configuration files. If these files were present in the current
working directory, they would be loaded prior to similar files in
the user's home directory. This could allow a local attacker to
possibly execute arbitrary code as the user running Lynx, if they
could convince the user to run Lynx in a directory under their control
(CVE-2006-7234).

A vulnerability was found in the Lynxcgi: URI handler that could allow
an attacker to create a web page redirecting to a malicious URL that
would execute arbitrary code as the user running Lynx, if they were
using the non-default Advanced user mode (CVE-2008-4690).

This update corrects these issues and, in addition, makes Lynx always
prompt the user before loading a lynxcgi: URI. As well, the default
lynx.cfg configuration file marks all lynxcgi: URIs as untrusted.

Affected: Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:217

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2006-7234
1021107
http://www.securitytracker.com/id?1021107
31917
http://www.securityfocus.com/bid/31917
32407
http://secunia.com/advisories/32407
32416
http://secunia.com/advisories/32416
33568
http://secunia.com/advisories/33568
MDVSA-2008:217
http://www.mandriva.com/security/advisories?name=MDVSA-2008:217
RHSA-2008:0965
http://www.redhat.com/support/errata/RHSA-2008-0965.html
SUSE-SR:2009:002
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
[oss-security] 20081025 CVE request: lynx (old) .mailcap handling flaw
http://www.openwall.com/lists/oss-security/2008/10/25/3
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396949
https://bugzilla.redhat.com/show_bug.cgi?id=214205
lynx-mailcap-mimetype-code-execution(46132)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46132
oval:org.mitre.oval:def:9719
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9719
Common Vulnerability Exposure (CVE) ID: CVE-2008-4690
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00066.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00143.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:218
http://www.openwall.com/lists/oss-security/2008/10/09/2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11204
http://www.securitytracker.com/id?1021105
http://secunia.com/advisories/32967
SuSE Security Announcement: SUSE-SR:2009:002
XForce ISS Database: lynx-lynxcgi-code-execution(46228)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46228
Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
