CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
6.6 | $0-$5k | 0.00 |
A vulnerability has been found in ISC Lynx 2.8.5/2.8.6/2.8.6 Dev13 (Web Browser) and classified as critical. This vulnerability affects unknown code of the component Lynx URI Handler. The manipulation with an unknown input leads to an access control vulnerability. The CWE definition for the vulnerability is CWE-264. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.
The bug was discovered on 11/11/2005. The weakness was shared on 11/14/2005 by Vade 79 with iDEFENSE (website). The advisory is available at idefense.com. This vulnerability has carried the identifier CVE-2005-2929 since 09/15/2005. The attack can be initiated remotely. No form of authentication is required for successful exploitation. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1068 by the MITRE ATT&CK project.
It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 2 days. During that time the estimated underground price was around $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 21872 (CentOS 3 / 4 : lynx (CESA-2005:839)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CentOS Local Security Checks and runs in the context l.
Upgrading eliminates this vulnerability. Applying a patch also eliminates this problem. The bugfix is available for download at lynx.isc.org. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation was published before, not after, the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (23119) and Tenable (21872).
CVSSv4
VulDB CVSS-B Score: 🔍
VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3
VulDB Meta Temp Score: 6.6
VulDB Base Score: 7.3
VulDB Temp Score: 6.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access control
CWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
Nessus ID: 21872
Nessus Name: CentOS 3 / 4 : lynx (CESA-2005:839)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Nessus Port: 🔍
OpenVAS ID: 55858
OpenVAS Name: Gentoo Security Advisory GLSA 200511-09 (lynx)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍
Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: Upgrade
Status: 🔍
0-Day Time: 🔍
Patch: lynx.isc.org
Timeline
09/15/2005 🔍
11/11/2005 🔍
11/11/2005 🔍
11/11/2005 🔍
11/13/2005 🔍
11/14/2005 🔍
11/14/2005 🔍
11/16/2005 🔍
11/18/2005 🔍
11/20/2005 🔍
07/03/2006 🔍
07/05/2019 🔍
Sources
Vendor: isc.org
Advisory: idefense.com
Researcher: Vade 79
Organization: iDEFENSE
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2005-2929 (🔍)
OVAL: 🔍
X-Force: 23119 - Lynx lynxcgi: URI command execute, High Risk
SecurityTracker: 1015195
Vulnerability Center: 9664 - Lynx Remote Code Execution via lynxcgi: links, Medium
SecurityFocus: 15395 - Lynx URI Handlers Arbitrary Command Execution Vulnerability
Secunia: 18659 - Avaya Intuity Audix Lynx Arbitrary Command Execution, Moderately Critical
OSVDB: 20814 - Lynx lynxcgi: URI Handler Arbitrary Command Execution
Vupen: ADV-2005-2394
Entry
Created: 11/16/2005 11:50
Updated: 07/05/2019 12:01
Changes: 11/16/2005 11:50 (99), 07/05/2019 12:01 (1)
Complete: 🔍