Lucene search
HistoryOct 27, 2008 - 5:21 p.m.
CVE-2006-7234
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
7
Confidence
High
EPSS
0
Percentile
0.4%
Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.
Affected configurations
Node
lynxlynxRangeβ€2.8.6rel3
ORlynxlynxMatch2.8.1dev.1
ORlynxlynxMatch2.8.1dev.10
ORlynxlynxMatch2.8.1dev.11
ORlynxlynxMatch2.8.1dev.12
ORlynxlynxMatch2.8.1dev.13
ORlynxlynxMatch2.8.1dev.14
ORlynxlynxMatch2.8.1dev.15
ORlynxlynxMatch2.8.1dev.16
ORlynxlynxMatch2.8.1dev.17
ORlynxlynxMatch2.8.1dev.18
ORlynxlynxMatch2.8.1dev.19
ORlynxlynxMatch2.8.1dev.2
ORlynxlynxMatch2.8.1dev.20
ORlynxlynxMatch2.8.1dev.21
ORlynxlynxMatch2.8.1dev.22
ORlynxlynxMatch2.8.1dev.23
ORlynxlynxMatch2.8.1dev.24
ORlynxlynxMatch2.8.1dev.26
ORlynxlynxMatch2.8.1dev.27
ORlynxlynxMatch2.8.1dev.28
ORlynxlynxMatch2.8.1dev.29
ORlynxlynxMatch2.8.1dev.3
ORlynxlynxMatch2.8.1dev.4
ORlynxlynxMatch2.8.1dev.5
ORlynxlynxMatch2.8.1dev.6
ORlynxlynxMatch2.8.1dev.7
ORlynxlynxMatch2.8.1dev.8
ORlynxlynxMatch2.8.1dev.9
ORlynxlynxMatch2.8.1pre.1
ORlynxlynxMatch2.8.1pre.10
ORlynxlynxMatch2.8.1pre.11
ORlynxlynxMatch2.8.1pre.2
ORlynxlynxMatch2.8.1pre.3
ORlynxlynxMatch2.8.1pre.4
ORlynxlynxMatch2.8.1pre.5
ORlynxlynxMatch2.8.1pre.6
ORlynxlynxMatch2.8.1pre.7
ORlynxlynxMatch2.8.1pre.8
ORlynxlynxMatch2.8.1pre.9
ORlynxlynxMatch2.8.1rel.1
ORlynxlynxMatch2.8.1rel.2
ORlynxlynxMatch2.8.2dev.1
ORlynxlynxMatch2.8.2dev.10
ORlynxlynxMatch2.8.2dev.11
ORlynxlynxMatch2.8.2dev.12
ORlynxlynxMatch2.8.2dev.13
ORlynxlynxMatch2.8.2dev.14
ORlynxlynxMatch2.8.2dev.15
ORlynxlynxMatch2.8.2dev.16
ORlynxlynxMatch2.8.2dev.17
ORlynxlynxMatch2.8.2dev.18
ORlynxlynxMatch2.8.2dev.19
ORlynxlynxMatch2.8.2dev.2
ORlynxlynxMatch2.8.2dev.20
ORlynxlynxMatch2.8.2dev.21
ORlynxlynxMatch2.8.2dev.22
ORlynxlynxMatch2.8.2dev.23
ORlynxlynxMatch2.8.2dev.24
ORlynxlynxMatch2.8.2dev.25
ORlynxlynxMatch2.8.2dev.26
ORlynxlynxMatch2.8.2dev.3
ORlynxlynxMatch2.8.2dev.4
ORlynxlynxMatch2.8.2dev.5
ORlynxlynxMatch2.8.2dev.6
ORlynxlynxMatch2.8.2dev.7
ORlynxlynxMatch2.8.2dev.8
ORlynxlynxMatch2.8.2dev.9
ORlynxlynxMatch2.8.2pre.1
ORlynxlynxMatch2.8.2pre.10
ORlynxlynxMatch2.8.2pre.11
ORlynxlynxMatch2.8.2pre.2
ORlynxlynxMatch2.8.2pre.3
ORlynxlynxMatch2.8.2pre.4
ORlynxlynxMatch2.8.2pre.5
ORlynxlynxMatch2.8.2pre.6
ORlynxlynxMatch2.8.2pre.7
ORlynxlynxMatch2.8.2pre.8
ORlynxlynxMatch2.8.2pre.9
ORlynxlynxMatch2.8.2rel.1
ORlynxlynxMatch2.8.3dev.1
ORlynxlynxMatch2.8.3dev.10
ORlynxlynxMatch2.8.3dev.11
ORlynxlynxMatch2.8.3dev.12
ORlynxlynxMatch2.8.3dev.13
ORlynxlynxMatch2.8.3dev.14
ORlynxlynxMatch2.8.3dev.15
ORlynxlynxMatch2.8.3dev.16
ORlynxlynxMatch2.8.3dev.17
ORlynxlynxMatch2.8.3dev.18
ORlynxlynxMatch2.8.3dev.19
ORlynxlynxMatch2.8.3dev.2
ORlynxlynxMatch2.8.3dev.20
ORlynxlynxMatch2.8.3dev.21
ORlynxlynxMatch2.8.3dev.22
ORlynxlynxMatch2.8.3dev.23
ORlynxlynxMatch2.8.3dev.3
ORlynxlynxMatch2.8.3dev.4
ORlynxlynxMatch2.8.3dev.5
ORlynxlynxMatch2.8.3dev.6
ORlynxlynxMatch2.8.3dev.7
ORlynxlynxMatch2.8.3dev.8
ORlynxlynxMatch2.8.3dev.9
ORlynxlynxMatch2.8.3pre1
ORlynxlynxMatch2.8.3pre2
ORlynxlynxMatch2.8.3pre3
ORlynxlynxMatch2.8.3pre4
ORlynxlynxMatch2.8.3pre5
ORlynxlynxMatch2.8.3pre6
ORlynxlynxMatch2.8.3pre7
ORlynxlynxMatch2.8.3pre8
ORlynxlynxMatch2.8.3rel1
ORlynxlynxMatch2.8.4dev1
ORlynxlynxMatch2.8.4dev10
ORlynxlynxMatch2.8.4dev11
ORlynxlynxMatch2.8.4dev12
ORlynxlynxMatch2.8.4dev13
ORlynxlynxMatch2.8.4dev14
ORlynxlynxMatch2.8.4dev15
ORlynxlynxMatch2.8.4dev16
ORlynxlynxMatch2.8.4dev17
ORlynxlynxMatch2.8.4dev18
ORlynxlynxMatch2.8.4dev19
ORlynxlynxMatch2.8.4dev2
ORlynxlynxMatch2.8.4dev20
ORlynxlynxMatch2.8.4dev21
ORlynxlynxMatch2.8.4dev3
ORlynxlynxMatch2.8.4dev4
ORlynxlynxMatch2.8.4dev5
ORlynxlynxMatch2.8.4dev6
ORlynxlynxMatch2.8.4dev7
ORlynxlynxMatch2.8.4dev8
ORlynxlynxMatch2.8.4dev9
ORlynxlynxMatch2.8.4pre.1
ORlynxlynxMatch2.8.4pre.2
ORlynxlynxMatch2.8.4pre.3
ORlynxlynxMatch2.8.4pre.4
ORlynxlynxMatch2.8.4pre.5
ORlynxlynxMatch2.8.4rel.1
ORlynxlynxMatch2.8.5dev.1
ORlynxlynxMatch2.8.5dev.10
ORlynxlynxMatch2.8.5dev.11
ORlynxlynxMatch2.8.5dev.12
ORlynxlynxMatch2.8.5dev.13
ORlynxlynxMatch2.8.5dev.14
ORlynxlynxMatch2.8.5dev.15
ORlynxlynxMatch2.8.5dev.16
ORlynxlynxMatch2.8.5dev.17
ORlynxlynxMatch2.8.5dev.2
ORlynxlynxMatch2.8.5dev.3
ORlynxlynxMatch2.8.5dev.4
ORlynxlynxMatch2.8.5dev.5
ORlynxlynxMatch2.8.5dev.6
ORlynxlynxMatch2.8.5dev.7
ORlynxlynxMatch2.8.5dev.8
ORlynxlynxMatch2.8.5dev.9
ORlynxlynxMatch2.8.5pre.1
ORlynxlynxMatch2.8.5pre.2
ORlynxlynxMatch2.8.5pre.3
ORlynxlynxMatch2.8.5pre.4
ORlynxlynxMatch2.8.5pre.5
ORlynxlynxMatch2.8.5rel.1
ORlynxlynxMatch2.8.6dev1
ORlynxlynxMatch2.8.6dev10
ORlynxlynxMatch2.8.6dev11
ORlynxlynxMatch2.8.6dev12
ORlynxlynxMatch2.8.6dev13
ORlynxlynxMatch2.8.6dev14
ORlynxlynxMatch2.8.6dev15
ORlynxlynxMatch2.8.6dev2
ORlynxlynxMatch2.8.6dev3
ORlynxlynxMatch2.8.6dev4
ORlynxlynxMatch2.8.6dev5
ORlynxlynxMatch2.8.6dev6
ORlynxlynxMatch2.8.6dev7
ORlynxlynxMatch2.8.6dev8
ORlynxlynxMatch2.8.6dev9
ORlynxlynxMatch2.8.6rel1
ORlynxlynxMatch2.8.6rel2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| lynx | lynx | * | cpe:2.3:a:lynx:lynx:*:rel3:*:*:*:*:*:* |
| lynx | lynx | 2.8.1 | cpe:2.3:a:lynx:lynx:2.8.1:dev.1:*:*:*:*:*:* |
| lynx | lynx | 2.8.1 | cpe:2.3:a:lynx:lynx:2.8.1:dev.10:*:*:*:*:*:* |
| lynx | lynx | 2.8.1 | cpe:2.3:a:lynx:lynx:2.8.1:dev.11:*:*:*:*:*:* |
| lynx | lynx | 2.8.1 | cpe:2.3:a:lynx:lynx:2.8.1:dev.12:*:*:*:*:*:* |
| lynx | lynx | 2.8.1 | cpe:2.3:a:lynx:lynx:2.8.1:dev.13:*:*:*:*:*:* |
| lynx | lynx | 2.8.1 | cpe:2.3:a:lynx:lynx:2.8.1:dev.14:*:*:*:*:*:* |
| lynx | lynx | 2.8.1 | cpe:2.3:a:lynx:lynx:2.8.1:dev.15:*:*:*:*:*:* |
| lynx | lynx | 2.8.1 | cpe:2.3:a:lynx:lynx:2.8.1:dev.16:*:*:*:*:*:* |
| lynx | lynx | 2.8.1 | cpe:2.3:a:lynx:lynx:2.8.1:dev.17:*:*:*:*:*:* |
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=396949
lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
secunia.com/advisories/32407
secunia.com/advisories/32416
secunia.com/advisories/33568
www.mandriva.com/security/advisories?name=MDVSA-2008:217
www.openwall.com/lists/oss-security/2008/10/25/3
www.redhat.com/support/errata/RHSA-2008-0965.html
www.securityfocus.com/bid/31917
www.securitytracker.com/id?1021107
bugzilla.redhat.com/show_bug.cgi?id=214205
exchange.xforce.ibmcloud.com/vulnerabilities/46132
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9719
Related
cve
cve
CVE-2006-7234
2008-10-27 17:21:27
debiancve
debiancve
CVE-2006-7234
2008-10-27 17:21:27
seebug
seebug
Lynx '.mailcap'ε'.mime.type'ζδ»Άζ¬ε°δ»£η ζ§θ‘ζΌζ΄
2008-10-28 00:00:00
exploitdb
exploitdb
Lynx 2.8 - '.mailcap'/'.mime.type' Local Code Execution
2008-11-03 00:00:00
cvelist
cvelist
CVE-2006-7234
2008-10-27 17:00:00
ubuntucve
ubuntucve
CVE-2006-7234
2008-10-27 00:00:00
openvas
openvas
CentOS Update for lynx CESA-2008:0965 centos4 x86_64
2009-02-27 00:00:00
Oracle: Security Advisory (ELSA-2008-0965)
2015-10-08 00:00:00
CentOS Update for lynx CESA-2008:0965 centos4 x86_64
2009-02-27 00:00:00
centos
centos
lynx security update
2008-10-27 20:12:24
security update
2008-10-28 22:46:30
nessus
nessus
RHEL 2.1 / 3 / 4 / 5 : lynx (RHSA-2008:0965)
2008-10-28 00:00:00
Oracle Linux 3 / 4 / 5 : lynx (ELSA-2008-0965)
2013-07-12 00:00:00
CentOS 3 / 4 / 5 : lynx (CESA-2008:0965)
2008-10-28 00:00:00
redhat
redhat
(RHSA-2008:0965) Important: lynx security update
2008-10-27 00:00:00
oraclelinux
oraclelinux
lynx security update
2008-10-27 00:00:00
osv
osv
lynx-2.9.0~dev.9-1.2 on GA media
2024-06-15 00:00:00
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
7
Confidence
High
EPSS
0
Percentile
0.4%
Related for NVD:CVE-2006-7234