According to CERT (http://www.cert.org/) advisory CA-99-15 there is a bug in RSAREF V2 (US users of SSL Lynx are legally obliged to use some version of RSAREF) which does allow sshd users to gain root access and may, according to the advisory, allow the same attack on Lynx-SSL. Also of concern is the fact that Lynx-SSL is quoted as being the FreeBSD ports tree. I haven't followed this up, but they may be in violation of the GPL here.
