oss-sec mailing list archives

Re: Links < 2.1 security issue

From: "Steven M. Christey" <coley () linus mitre org>
Date: Sun, 27 Jul 2008 17:53:53 -0400 (EDT)


On Sun, 27 Jul 2008, Pierre-Yves Rofes wrote:

Anyone investigated this, or even has a clue on the potential impact?
Not sure if a CVE can be assigned, since this is very (too?) vague...


We operate on the assumption that if a developer says it's a security
issue, it's worth assigning a CVE for.

But you wind up with uninformative descriptions like the one below :-/

- Steve

======================================================
Name: CVE-2008-3329
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3329
Reference: CONFIRM:http://links.twibright.com/download/ChangeLog

Unspecified vulnerability in Links before 2.1, when "only proxies" is
enabled, has unknown impact and attack vectors related to providing
"URLs to external programs."

Current thread:

Links < 2.1 security issue Pierre-Yves Rofes (Jul 27)
- Re: Links < 2.1 security issue Steven M. Christey (Jul 27)
  - Re: Links < 2.1 security issue Nico Golde (Jul 28)