
lynx CRLF injection vulnerability
25th Feb 2003 [SBWID-6023]
COMMAND

	lynx CRLF injection vulnerability

SYSTEMS AFFECTED

	?

PROBLEM

	From Mandrake Linux Security Update Advisory [MDKSA-2003:023]
	
	A vulnerability was discovered in lynx, a text-mode web browser. The
	HTTP queries that lynx constructs are from arguments on the command
	line or the $WWW_HOME environment variable, but lynx does not properly
	sanitize special characters such as carriage returns or linefeeds.
	Extra headers can be inserted into the request because of this, which
	can cause scripts that use lynx to fetch data from the wrong site from
	servers that use virtual hosting.
	
	References:
	
	  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1405
	

SOLUTION

	Updates available, check your distro
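
A guard for scripts that hand externally supplied URLs to lynx, as an added example that is not part of the advisory or of lynx itself. The function names and the `LYNX_BIN` override are hypothetical, and refusing percent-encoded CR/LF and non-http(s) values is a conservative assumption beyond what the advisory states.

```shell
#!/bin/sh
# Added example (not from the advisory): validate URLs before a script hands
# them to lynx, so CR/LF cannot reach the HTTP request that lynx builds.

# url_is_clean VALUE -> returns 0 if VALUE is acceptable, 1 otherwise.
url_is_clean() {
    # Accept only plain web URLs (assumption: the script needs nothing else).
    # This also keeps values starting with "-" from being read as options.
    case $1 in
        http://?*|https://?*) ;;
        *) return 1 ;;
    esac
    # A valid URL holds no raw control characters (CR and LF included) and
    # no whitespace, so stripping them must leave the value unchanged.
    stripped=$(printf '%s' "$1" | tr -d '[:cntrl:][:space:]')
    [ "$stripped" = "$1" ] || return 1
    # Assumption: also refuse percent-encoded CR/LF as a conservative choice.
    case $1 in
        *%0[aAdD]*) return 1 ;;
    esac
    return 0
}

# safe_lynx_dump URL: run "lynx -dump URL" only if the URL and $WWW_HOME
# (when set) both pass the check, since the advisory names both as inputs
# to the request. LYNX_BIN is a hypothetical override; it defaults to lynx.
# Returns 2 for a rejected URL, 3 for a rejected WWW_HOME.
safe_lynx_dump() {
    if ! url_is_clean "$1"; then
        echo "refusing URL: bad scheme, whitespace or control characters" >&2
        return 2
    fi
    if [ -n "${WWW_HOME+set}" ] && ! url_is_clean "$WWW_HOME"; then
        echo "refusing to run lynx: WWW_HOME is not a clean URL" >&2
        return 3
    fi
    "${LYNX_BIN:-lynx}" -dump "$1"
}
```

The check complements the vendor update and does not replace it; a script that never relies on `$WWW_HOME` can simply unset it before calling lynx.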
