COMMAND

    lynx

SYSTEMS AFFECTED

    Systems using lynx 2.8 (including latest development versions)

PROBLEM

    Michal Zalewski found the following.  Trivial overflows in protocol
    handlers:

        <a href="rlogin://(approx. 1454 times 'A')">...</a>,
        <a href="telnet://(approx. 1454 times 'A')">...</a> or
        <a href="tn3270://(approx. 1454 times 'A')">...</a>

    Choose your favourite protocol.  Beautiful SEGV at 0x41414141 (the
    faulting address is made up of the 'A' bytes from the URL).  There
    are also overflows in the finger://, cso://, nntp:// and news://
    handlers, unfortunately not-so-easily exploitable.  1454 bytes is
    more than perfect for common lynx 2.8.x under Linux.  May vary
    under other platforms.  Samples:

        http://dione.ids.pl/~lcamtuf/pliki/browsers.html.gz
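
    The bounds check a handler for these three schemes needs before it
    copies the host part of the URL into a fixed buffer, as an added
    example (not lynx source; extract_login_host and MAX_HOST are
    hypothetical names and the 255-byte limit is an assumption):

```c
#include <stdio.h>
#include <string.h>

#define MAX_HOST 255   /* assumed upper bound for a host name */

/* The three schemes named in the advisory. */
static const char *const schemes[] = { "rlogin://", "telnet://", "tn3270://" };

/*
 * Hypothetical handler front end: copy the authority part (user@host:port)
 * of a login-style URL into out[outlen].  Returns 0 on success, -1 if the
 * URL is not one of the three schemes, the authority is empty or longer
 * than MAX_HOST, or it does not fit in out.  An unbounded copy into a
 * fixed buffer here is the kind of overflow the advisory describes.
 */
int extract_login_host(const char *url, char *out, size_t outlen)
{
    const char *host = NULL;
    size_t i, len;

    if (url == NULL || out == NULL || outlen == 0)
        return -1;
    for (i = 0; i < sizeof schemes / sizeof schemes[0]; i++) {
        size_t n = strlen(schemes[i]);
        if (strncmp(url, schemes[i], n) == 0) {
            host = url + n;
            break;
        }
    }
    if (host == NULL)
        return -1;

    len = strcspn(host, "/");          /* authority ends at the first '/' */
    if (len == 0 || len > MAX_HOST || len >= outlen)
        return -1;                     /* reject; never truncate silently */

    memcpy(out, host, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char buf[64];                      /* constructed sample input below */
    if (extract_login_host("telnet://host.example/", buf, sizeof buf) == 0)
        printf("host: %s\n", buf);
    return 0;
}
```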

SOLUTION

    From CHANGES (for 2.8.1rel.2, the most recent version):

        1998-05-10 (2.8.1dev.10)
        [...]
        * fix for buffer-overrun in LYMail.c when processing a mailto:very-long-address
          URL - BL