Vulnerability Description
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| University Of Kansas | Lynx | 2.8.5 |
Related Weaknesses (CWE)
References
- ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.55/SCOSA-2005.55.txt
- http://secunia.com/advisories/17372Vendor Advisory
- http://secunia.com/advisories/17512Vendor Advisory
- http://secunia.com/advisories/17546Vendor Advisory
- http://secunia.com/advisories/17556Vendor Advisory
- http://secunia.com/advisories/17576Vendor Advisory
- http://secunia.com/advisories/17666Vendor Advisory
- http://secunia.com/advisories/17757Vendor Advisory
- http://secunia.com/advisories/18051Vendor Advisory
- http://secunia.com/advisories/18376Vendor Advisory
- http://secunia.com/advisories/18659Vendor Advisory
- http://securityreason.com/securityalert/173
- http://securitytracker.com/id?1015195
- http://support.avaya.com/elmodocs2/security/ASA-2006-035.htm
FAQ
What is CVE-2005-2929?
CVE-2005-2929 is a vulnerability with a CVSS score of 7.5 (HIGH). Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in th...
How severe is CVE-2005-2929?
CVE-2005-2929 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-2929?
Check the references section above for vendor advisories and patch information. Affected products include: University Of Kansas Lynx.