PDA

Ver la versión completa : lynx CRLF injection vulnerability



TseTse
24-11-2002, 17:04
SCO Security Advisory

Subject: Linux: lynx CRLF injection vulnerability
Advisory number: CSSA-2002-049.0
Issue date: 2002 November 18
Cross reference:
__________________________________________________ ____________________________


1. Problem Description

If lynx is given a url with some special characters on
the command line, it will include faked headers in the HTTP
query. This feature can be used to force scripts (that use Lynx
for downloading files) to access the wrong site on a web server
with multiple virtual hosts.


2. Vulnerable Supported Versions

System Package
----------------------------------------------------------------------

OpenLinux 3.1.1 Server prior to lynx-2.8.4-1.i386.rpm

OpenLinux 3.1.1 Workstation prior to lynx-2.8.4-1.i386.rpm

OpenLinux 3.1 Server prior to lynx-2.8.4-1.i386.rpm

OpenLinux 3.1 Workstation prior to lynx-2.8.4-1.i386.rpm


3. Solution

The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-049.0/RPMS

4.2 Packages

86aa0c385c7b4789aa33fe57dc209490 lynx-2.8.4-1.i386.rpm

4.3 Installation

rpm -Fvh lynx-2.8.4-1.i386.rpm

4.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-049.0/SRPMS

4.5 Source Packages

2b48e8130471668d9562fc10a5969d02 lynx-2.8.4-1.src.rpm


5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-049.0/RPMS

5.2 Packages

bd467354192cc42c87abb4be5650749f lynx-2.8.4-1.i386.rpm

5.3 Installation

rpm -Fvh lynx-2.8.4-1.i386.rpm

5.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-049.0/SRPMS

5.5 Source Packages

cf32748b277276e5f43a6f4111bb1ff2 lynx-2.8.4-1.src.rpm


6. OpenLinux 3.1 Server

6.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-049.0/RPMS

6.2 Packages

02bb0b77cf7f6014c6ad5a386e5bc763 lynx-2.8.4-1.i386.rpm

6.3 Installation

rpm -Fvh lynx-2.8.4-1.i386.rpm

6.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-049.0/SRPMS

6.5 Source Packages

61828e229e2794c46376c95354c8859c lynx-2.8.4-1.src.rpm


7. OpenLinux 3.1 Workstation

7.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-049.0/RPMS

7.2 Packages

d0b3580c93c3790d88eb0c4d18a75e58 lynx-2.8.4-1.i386.rpm

7.3 Installation

rpm -Fvh lynx-2.8.4-1.i386.rpm

7.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-049.0/SRPMS

7.5 Source Packages

2c321eabba1a1d8172893de42f58af59 lynx-2.8.4-1.src.rpm


8. References

Specific references for this advisory:
none

SCO security resources:
http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr868660, fz525986,
erg712118.


9. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.


10. Acknowledgements

SCO would like to thank Ulf Harnhammar for the discovery and
analysis of this vulnerability.

__________________________________________________ ____________________________

Giskard
25-11-2002, 02:40
It's interesting but
In spanish please, i dont speak english very well.
thanks.
:0=

CrAcKzMe
07-12-2002, 16:58
jaja