TseTse
24-11-2002, 16:04
SCO Security Advisory
Subject: Linux: lynx CRLF injection vulnerability
Advisory number: CSSA-2002-049.0
Issue date: 2002 November 18
Cross reference:
__________________________________________________ ____________________________
1. Problem Description
If lynx is given a url with some special characters on
the command line, it will include faked headers in the HTTP
query. This feature can be used to force scripts (that use Lynx
for downloading files) to access the wrong site on a web server
with multiple virtual hosts.
2. Vulnerable Supported Versions
System Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to lynx-2.8.4-1.i386.rpm
OpenLinux 3.1.1 Workstation prior to lynx-2.8.4-1.i386.rpm
OpenLinux 3.1 Server prior to lynx-2.8.4-1.i386.rpm
OpenLinux 3.1 Workstation prior to lynx-2.8.4-1.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-049.0/RPMS
4.2 Packages
86aa0c385c7b4789aa33fe57dc209490 lynx-2.8.4-1.i386.rpm
4.3 Installation
rpm -Fvh lynx-2.8.4-1.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-049.0/SRPMS
4.5 Source Packages
2b48e8130471668d9562fc10a5969d02 lynx-2.8.4-1.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-049.0/RPMS
5.2 Packages
bd467354192cc42c87abb4be5650749f lynx-2.8.4-1.i386.rpm
5.3 Installation
rpm -Fvh lynx-2.8.4-1.i386.rpm
5.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-049.0/SRPMS
5.5 Source Packages
cf32748b277276e5f43a6f4111bb1ff2 lynx-2.8.4-1.src.rpm
6. OpenLinux 3.1 Server
6.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-049.0/RPMS
6.2 Packages
02bb0b77cf7f6014c6ad5a386e5bc763 lynx-2.8.4-1.i386.rpm
6.3 Installation
rpm -Fvh lynx-2.8.4-1.i386.rpm
6.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-049.0/SRPMS
6.5 Source Packages
61828e229e2794c46376c95354c8859c lynx-2.8.4-1.src.rpm
7. OpenLinux 3.1 Workstation
7.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-049.0/RPMS
7.2 Packages
d0b3580c93c3790d88eb0c4d18a75e58 lynx-2.8.4-1.i386.rpm
7.3 Installation
rpm -Fvh lynx-2.8.4-1.i386.rpm
7.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-049.0/SRPMS
7.5 Source Packages
2c321eabba1a1d8172893de42f58af59 lynx-2.8.4-1.src.rpm
8. References
Specific references for this advisory:
none
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr868660, fz525986,
erg712118.
9. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
10. Acknowledgements
SCO would like to thank Ulf Harnhammar for the discovery and
analysis of this vulnerability.
__________________________________________________ ____________________________
Subject: Linux: lynx CRLF injection vulnerability
Advisory number: CSSA-2002-049.0
Issue date: 2002 November 18
Cross reference:
__________________________________________________ ____________________________
1. Problem Description
If lynx is given a url with some special characters on
the command line, it will include faked headers in the HTTP
query. This feature can be used to force scripts (that use Lynx
for downloading files) to access the wrong site on a web server
with multiple virtual hosts.
2. Vulnerable Supported Versions
System Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to lynx-2.8.4-1.i386.rpm
OpenLinux 3.1.1 Workstation prior to lynx-2.8.4-1.i386.rpm
OpenLinux 3.1 Server prior to lynx-2.8.4-1.i386.rpm
OpenLinux 3.1 Workstation prior to lynx-2.8.4-1.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-049.0/RPMS
4.2 Packages
86aa0c385c7b4789aa33fe57dc209490 lynx-2.8.4-1.i386.rpm
4.3 Installation
rpm -Fvh lynx-2.8.4-1.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-049.0/SRPMS
4.5 Source Packages
2b48e8130471668d9562fc10a5969d02 lynx-2.8.4-1.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-049.0/RPMS
5.2 Packages
bd467354192cc42c87abb4be5650749f lynx-2.8.4-1.i386.rpm
5.3 Installation
rpm -Fvh lynx-2.8.4-1.i386.rpm
5.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-049.0/SRPMS
5.5 Source Packages
cf32748b277276e5f43a6f4111bb1ff2 lynx-2.8.4-1.src.rpm
6. OpenLinux 3.1 Server
6.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-049.0/RPMS
6.2 Packages
02bb0b77cf7f6014c6ad5a386e5bc763 lynx-2.8.4-1.i386.rpm
6.3 Installation
rpm -Fvh lynx-2.8.4-1.i386.rpm
6.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-049.0/SRPMS
6.5 Source Packages
61828e229e2794c46376c95354c8859c lynx-2.8.4-1.src.rpm
7. OpenLinux 3.1 Workstation
7.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-049.0/RPMS
7.2 Packages
d0b3580c93c3790d88eb0c4d18a75e58 lynx-2.8.4-1.i386.rpm
7.3 Installation
rpm -Fvh lynx-2.8.4-1.i386.rpm
7.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-049.0/SRPMS
7.5 Source Packages
2c321eabba1a1d8172893de42f58af59 lynx-2.8.4-1.src.rpm
8. References
Specific references for this advisory:
none
SCO security resources:
http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr868660, fz525986,
erg712118.
9. Disclaimer
SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.
10. Acknowledgements
SCO would like to thank Ulf Harnhammar for the discovery and
analysis of this vulnerability.
__________________________________________________ ____________________________