CVE-2008-4690 - OpenCVE

lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lynx	Lynx
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:lynx:lynx::dev15::::::*
	cpe:2.3:a:lynx:lynx:2.8.1:dev.1::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.10::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.11::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.12::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.13::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.14::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.15::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.16::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.17::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.18::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.19::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.2::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.20::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.21::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.22::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.23::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.24::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.26::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.27::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.28::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.29::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.3::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.4::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.5::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.6::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.7::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.8::::::
	cpe:2.3:a:lynx:lynx:2.8.1:dev.9::::::
	cpe:2.3:a:lynx:lynx:2.8.1:pre.1::::::
	cpe:2.3:a:lynx:lynx:2.8.1:pre.10::::::
	cpe:2.3:a:lynx:lynx:2.8.1:pre.11::::::
	cpe:2.3:a:lynx:lynx:2.8.1:pre.2::::::
	cpe:2.3:a:lynx:lynx:2.8.1:pre.3::::::
	cpe:2.3:a:lynx:lynx:2.8.1:pre.4::::::
	cpe:2.3:a:lynx:lynx:2.8.1:pre.5::::::
	cpe:2.3:a:lynx:lynx:2.8.1:pre.6::::::
	cpe:2.3:a:lynx:lynx:2.8.1:pre.7::::::
	cpe:2.3:a:lynx:lynx:2.8.1:pre.8::::::
	cpe:2.3:a:lynx:lynx:2.8.1:pre.9::::::
	cpe:2.3:a:lynx:lynx:2.8.1:rel.1::::::
	cpe:2.3:a:lynx:lynx:2.8.1:rel.2::::::
	cpe:2.3:a:lynx:lynx:2.8.2:dev.1::::::
	cpe:2.3:a:lynx:lynx:2.8.2:dev.10::::::
	cpe:2.3:a:lynx:lynx:2.8.2:dev.11::::::
	cpe:2.3:a:lynx:lynx:2.8.2:dev.12::::::
	cpe:2.3:a:lynx:lynx:2.8.2:dev.13::::::
	cpe:2.3:a:lynx:lynx:2.8.2:dev.14::::::
	cpe:2.3:a:lynx:lynx:2.8.2:dev.15::::::
	cpe:2.3:a:lynx:lynx:2.8.2:dev.16::::::
	cpe:2.3:a:lynx:lynx:2.8.2:dev.17::::::
	cpe:2.3:a:lynx:lynx:2.8.2:dev.18::::::
	cpe:2.3:a:lynx:lynx:2.8.2:dev.19::::::
	cpe:2.3:a:lynx:lynx:2.8.2:dev.2::::::
	cpe:2.3:a:lynx:lynx:2.8.2:dev.20::::::
	cpe:2.3:a:lynx:lynx:2.8.2:dev.21::::::
	cpe:2.3:a:lynx:lynx:2.8.2:dev.22::::::
	cpe:2.3:a:lynx:lynx:2.8.2:dev.23::::::
	cpe:2.3:a:lynx:lynx:2.8.2:dev.24::::::
	cpe:2.3:a:lynx:lynx:2.8.2:dev.25::::::
	cpe:2.3:a:lynx:lynx:2.8.2:dev.26::::::
	cpe:2.3:a:lynx:lynx:2.8.2:dev.3::::::
	cpe:2.3:a:lynx:lynx:2.8.2:dev.4::::::
	cpe:2.3:a:lynx:lynx:2.8.2:dev.5::::::
cpe:2.3:a:lynx:lynx:2.8.2:dev.6::::::
cpe:2.3:a:lynx:lynx:2.8.2:dev.7::::::
cpe:2.3:a:lynx:lynx:2.8.2:dev.8::::::
cpe:2.3:a:lynx:lynx:2.8.2:dev.9::::::
cpe:2.3:a:lynx:lynx:2.8.2:pre.1::::::
cpe:2.3:a:lynx:lynx:2.8.2:pre.10::::::
cpe:2.3:a:lynx:lynx:2.8.2:pre.11::::::
cpe:2.3:a:lynx:lynx:2.8.2:pre.2::::::
cpe:2.3:a:lynx:lynx:2.8.2:pre.3::::::
cpe:2.3:a:lynx:lynx:2.8.2:pre.4::::::
cpe:2.3:a:lynx:lynx:2.8.2:pre.5::::::
cpe:2.3:a:lynx:lynx:2.8.2:pre.6::::::
cpe:2.3:a:lynx:lynx:2.8.2:pre.7::::::
cpe:2.3:a:lynx:lynx:2.8.2:pre.8::::::
cpe:2.3:a:lynx:lynx:2.8.2:pre.9::::::
cpe:2.3:a:lynx:lynx:2.8.2:rel.1::::::
cpe:2.3:a:lynx:lynx:2.8.3:dev.1::::::
cpe:2.3:a:lynx:lynx:2.8.3:dev.10::::::
cpe:2.3:a:lynx:lynx:2.8.3:dev.11::::::
cpe:2.3:a:lynx:lynx:2.8.3:dev.12::::::
cpe:2.3:a:lynx:lynx:2.8.3:dev.13::::::
cpe:2.3:a:lynx:lynx:2.8.3:dev.14::::::
cpe:2.3:a:lynx:lynx:2.8.3:dev.15::::::
cpe:2.3:a:lynx:lynx:2.8.3:dev.16::::::
cpe:2.3:a:lynx:lynx:2.8.3:dev.17::::::
cpe:2.3:a:lynx:lynx:2.8.3:dev.18::::::
cpe:2.3:a:lynx:lynx:2.8.3:dev.19::::::
cpe:2.3:a:lynx:lynx:2.8.3:dev.2::::::
cpe:2.3:a:lynx:lynx:2.8.3:dev.20::::::
cpe:2.3:a:lynx:lynx:2.8.3:dev.21::::::
cpe:2.3:a:lynx:lynx:2.8.3:dev.22::::::
cpe:2.3:a:lynx:lynx:2.8.3:dev.23::::::
cpe:2.3:a:lynx:lynx:2.8.3:dev.3::::::
cpe:2.3:a:lynx:lynx:2.8.3:dev.4::::::
cpe:2.3:a:lynx:lynx:2.8.3:dev.5::::::
cpe:2.3:a:lynx:lynx:2.8.3:dev.6::::::
cpe:2.3:a:lynx:lynx:2.8.3:dev.7::::::
cpe:2.3:a:lynx:lynx:2.8.3:dev.8::::::
cpe:2.3:a:lynx:lynx:2.8.3:dev.9::::::
cpe:2.3:a:lynx:lynx:2.8.3:pre1::::::
cpe:2.3:a:lynx:lynx:2.8.3:pre2::::::
cpe:2.3:a:lynx:lynx:2.8.3:pre3::::::
cpe:2.3:a:lynx:lynx:2.8.3:pre4::::::
cpe:2.3:a:lynx:lynx:2.8.3:pre5::::::
cpe:2.3:a:lynx:lynx:2.8.3:pre6::::::
cpe:2.3:a:lynx:lynx:2.8.3:pre7::::::
cpe:2.3:a:lynx:lynx:2.8.3:pre8::::::
cpe:2.3:a:lynx:lynx:2.8.3:rel1::::::
cpe:2.3:a:lynx:lynx:2.8.4:dev1::::::
cpe:2.3:a:lynx:lynx:2.8.4:dev10::::::
cpe:2.3:a:lynx:lynx:2.8.4:dev11::::::
cpe:2.3:a:lynx:lynx:2.8.4:dev12::::::
cpe:2.3:a:lynx:lynx:2.8.4:dev13::::::
cpe:2.3:a:lynx:lynx:2.8.4:dev14::::::
cpe:2.3:a:lynx:lynx:2.8.4:dev15::::::
cpe:2.3:a:lynx:lynx:2.8.4:dev16::::::
cpe:2.3:a:lynx:lynx:2.8.4:dev17::::::
cpe:2.3:a:lynx:lynx:2.8.4:dev18::::::
cpe:2.3:a:lynx:lynx:2.8.4:dev19::::::
cpe:2.3:a:lynx:lynx:2.8.4:dev2::::::
cpe:2.3:a:lynx:lynx:2.8.4:dev20::::::
cpe:2.3:a:lynx:lynx:2.8.4:dev21::::::
cpe:2.3:a:lynx:lynx:2.8.4:dev3::::::
cpe:2.3:a:lynx:lynx:2.8.4:dev4::::::
cpe:2.3:a:lynx:lynx:2.8.4:dev5::::::
cpe:2.3:a:lynx:lynx:2.8.4:dev6::::::
cpe:2.3:a:lynx:lynx:2.8.4:dev7::::::
cpe:2.3:a:lynx:lynx:2.8.4:dev8::::::
cpe:2.3:a:lynx:lynx:2.8.4:dev9::::::
cpe:2.3:a:lynx:lynx:2.8.4:pre.1::::::
cpe:2.3:a:lynx:lynx:2.8.4:pre.2::::::
cpe:2.3:a:lynx:lynx:2.8.4:pre.3::::::
cpe:2.3:a:lynx:lynx:2.8.4:pre.4::::::
cpe:2.3:a:lynx:lynx:2.8.4:pre.5::::::
cpe:2.3:a:lynx:lynx:2.8.4:rel.1::::::
cpe:2.3:a:lynx:lynx:2.8.5:dev.1::::::
cpe:2.3:a:lynx:lynx:2.8.5:dev.10::::::
cpe:2.3:a:lynx:lynx:2.8.5:dev.11::::::
cpe:2.3:a:lynx:lynx:2.8.5:dev.12::::::
cpe:2.3:a:lynx:lynx:2.8.5:dev.13::::::
cpe:2.3:a:lynx:lynx:2.8.5:dev.14::::::
cpe:2.3:a:lynx:lynx:2.8.5:dev.15::::::
cpe:2.3:a:lynx:lynx:2.8.5:dev.16::::::
cpe:2.3:a:lynx:lynx:2.8.5:dev.17::::::
cpe:2.3:a:lynx:lynx:2.8.5:dev.2::::::
cpe:2.3:a:lynx:lynx:2.8.5:dev.3::::::
cpe:2.3:a:lynx:lynx:2.8.5:dev.4::::::
cpe:2.3:a:lynx:lynx:2.8.5:dev.5::::::
cpe:2.3:a:lynx:lynx:2.8.5:dev.6::::::
cpe:2.3:a:lynx:lynx:2.8.5:dev.7::::::
cpe:2.3:a:lynx:lynx:2.8.5:dev.8::::::
cpe:2.3:a:lynx:lynx:2.8.5:dev.9::::::
cpe:2.3:a:lynx:lynx:2.8.5:pre.1::::::
cpe:2.3:a:lynx:lynx:2.8.5:pre.2::::::
cpe:2.3:a:lynx:lynx:2.8.5:pre.3::::::
cpe:2.3:a:lynx:lynx:2.8.5:pre.4::::::
cpe:2.3:a:lynx:lynx:2.8.5:pre.5::::::
cpe:2.3:a:lynx:lynx:2.8.5:rel.1::::::
cpe:2.3:a:lynx:lynx:2.8.6:dev1::::::
cpe:2.3:a:lynx:lynx:2.8.6:dev10::::::
cpe:2.3:a:lynx:lynx:2.8.6:dev11::::::
cpe:2.3:a:lynx:lynx:2.8.6:dev12::::::
cpe:2.3:a:lynx:lynx:2.8.6:dev13::::::
cpe:2.3:a:lynx:lynx:2.8.6:dev14::::::
cpe:2.3:a:lynx:lynx:2.8.6:dev2::::::
cpe:2.3:a:lynx:lynx:2.8.6:dev3::::::
cpe:2.3:a:lynx:lynx:2.8.6:dev4::::::
cpe:2.3:a:lynx:lynx:2.8.6:dev5::::::
cpe:2.3:a:lynx:lynx:2.8.6:dev6::::::
cpe:2.3:a:lynx:lynx:2.8.6:dev7::::::
cpe:2.3:a:lynx:lynx:2.8.6:dev8::::::
cpe:2.3:a:lynx:lynx:2.8.6:dev9::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 2.1
lynx-0:2.8.4-18.1.3	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2008:0965	2008-10-27T00:00:00Z
Red Hat Enterprise Linux 3
lynx-0:2.8.5-11.3	cpe:/o:redhat:enterprise_linux:3	RHSA-2008:0965	2008-10-27T00:00:00Z
Red Hat Enterprise Linux 4
lynx-0:2.8.5-18.2.el4_7.1	cpe:/o:redhat:enterprise_linux:4	RHSA-2008:0965	2008-10-27T00:00:00Z
Red Hat Enterprise Linux 5
lynx-0:2.8.5-28.1.el5_2.1	cpe:/o:redhat:enterprise_linux:5	RHSA-2008:0965	2008-10-27T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
http://secunia.com/advisories/32416
http://secunia.com/advisories/32967
http://secunia.com/advisories/33568
http://www.mandriva.com/security/advisories?name=MDVSA-2008:217
http://www.mandriva.com/security/advisories?name=MDVSA-2008:218
http://www.openwall.com/lists/oss-security/2008/10/09/2
http://www.redhat.com/support/errata/RHSA-2008-0965.html
http://www.securitytracker.com/id?1021105
https://exchange.xforce.ibmcloud.com/vulnerabilities/46228
https://nvd.nist.gov/vuln/detail/CVE-2008-4690
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11204
https://www.cve.org/CVERecord?id=CVE-2008-4690
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00066.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00143.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-10-22T17:00:00

Updated: 2024-08-07T10:24:20.695Z

Reserved: 2008-10-22T00:00:00

Link: CVE-2008-4690

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-10-22T18:00:01.287

Modified: 2017-09-29T01:32:17.743

Link: CVE-2008-4690

Redhat

Severity : Important

Publid Date: 2008-10-09T00:00:00Z

Links: CVE-2008-4690 - Bugzilla

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object