> It seems that the netscape problem found by darkspyrit (oversized
> arguments to CGI's via GET) might also be a vulnerability issue in
> other browser software. For fun, I tried accessing the sample exploit
> page at http://www.beavuh.org/nscape.htm
> with lynx, and nothing happened, but when I tried saving the page
> (default key 'p') to disk, it got a segv..
> this happened using version 2.8.1pre.9
The current version of lynx is 2.8.2 (2.8.3 in development)
It's available at
http://lynx.browser.org
http://sol.slcc.edu/lynx/release
ftp://lynx.isc.org/lynx-2.8.2
(it doesn't break when I view/print the page)
> Here is a backtrace from the lynx core file:
> (gdb) bt
> #0 0x1ad811 in __kill ()
> #1 0x1ad63f in raise (sig=6) at ../sysdeps/posix/raise.c:27
> #2 0x1ae84f in abort () at ../sysdeps/generic/abort.c:83
> #3 0x80602e8 in _start ()
> #4 0xc0de0001 in ?? ()
>
> ________________________
> [EMAIL PROTECTED]
> http://1337.tsx.org
> mkdir -p `perl -e 'printf "a/" x 1000'`
>
--
Thomas E. Dickey
[EMAIL PROTECTED]
http://www.clark.net/pub/dickey
