Resultados 1 al 3 de 3

Tema: lynx CRLF injection vulnerability

  1. #1 lynx CRLF injection vulnerability 
    Ex-moderador
    Fecha de ingreso
    Apr 2002
    Mensajes
    3.184
    Descargas
    0
    Uploads
    0
    SCO Security Advisory

    Subject: Linux: lynx CRLF injection vulnerability
    Advisory number: CSSA-2002-049.0
    Issue date: 2002 November 18
    Cross reference:
    __________________________________________________ ____________________________


    1. Problem Description

    If lynx is given a url with some special characters on
    the command line, it will include faked headers in the HTTP
    query. This feature can be used to force scripts (that use Lynx
    for downloading files) to access the wrong site on a web server
    with multiple virtual hosts.


    2. Vulnerable Supported Versions

    System Package
    ----------------------------------------------------------------------

    OpenLinux 3.1.1 Server prior to lynx-2.8.4-1.i386.rpm

    OpenLinux 3.1.1 Workstation prior to lynx-2.8.4-1.i386.rpm

    OpenLinux 3.1 Server prior to lynx-2.8.4-1.i386.rpm

    OpenLinux 3.1 Workstation prior to lynx-2.8.4-1.i386.rpm


    3. Solution

    The proper solution is to install the latest packages. Many
    customers find it easier to use the Caldera System Updater, called
    cupdate (or kcupdate under the KDE environment), to update these
    packages rather than downloading and installing them by hand.


    4. OpenLinux 3.1.1 Server

    4.1 Package Location

    ftp://ftp.sco.com/pub/updates/OpenLi...002-049.0/RPMS

    4.2 Packages

    86aa0c385c7b4789aa33fe57dc209490 lynx-2.8.4-1.i386.rpm

    4.3 Installation

    rpm -Fvh lynx-2.8.4-1.i386.rpm

    4.4 Source Package Location

    ftp://ftp.sco.com/pub/updates/OpenLi...02-049.0/SRPMS

    4.5 Source Packages

    2b48e8130471668d9562fc10a5969d02 lynx-2.8.4-1.src.rpm


    5. OpenLinux 3.1.1 Workstation

    5.1 Package Location

    ftp://ftp.sco.com/pub/updates/OpenLi...002-049.0/RPMS

    5.2 Packages

    bd467354192cc42c87abb4be5650749f lynx-2.8.4-1.i386.rpm

    5.3 Installation

    rpm -Fvh lynx-2.8.4-1.i386.rpm

    5.4 Source Package Location

    ftp://ftp.sco.com/pub/updates/OpenLi...02-049.0/SRPMS

    5.5 Source Packages

    cf32748b277276e5f43a6f4111bb1ff2 lynx-2.8.4-1.src.rpm


    6. OpenLinux 3.1 Server

    6.1 Package Location

    ftp://ftp.sco.com/pub/updates/OpenLi...002-049.0/RPMS

    6.2 Packages

    02bb0b77cf7f6014c6ad5a386e5bc763 lynx-2.8.4-1.i386.rpm

    6.3 Installation

    rpm -Fvh lynx-2.8.4-1.i386.rpm

    6.4 Source Package Location

    ftp://ftp.sco.com/pub/updates/OpenLi...02-049.0/SRPMS

    6.5 Source Packages

    61828e229e2794c46376c95354c8859c lynx-2.8.4-1.src.rpm


    7. OpenLinux 3.1 Workstation

    7.1 Package Location

    ftp://ftp.sco.com/pub/updates/OpenLi...002-049.0/RPMS

    7.2 Packages

    d0b3580c93c3790d88eb0c4d18a75e58 lynx-2.8.4-1.i386.rpm

    7.3 Installation

    rpm -Fvh lynx-2.8.4-1.i386.rpm

    7.4 Source Package Location

    ftp://ftp.sco.com/pub/updates/OpenLi...02-049.0/SRPMS

    7.5 Source Packages

    2c321eabba1a1d8172893de42f58af59 lynx-2.8.4-1.src.rpm


    8. References

    Specific references for this advisory:
    none

    SCO security resources:
    http://www.sco.com/support/security/index.html

    This security fix closes SCO incidents sr868660, fz525986,
    erg712118.


    9. Disclaimer

    SCO is not responsible for the misuse of any of the information
    we provide on this website and/or through our security
    advisories. Our advisories are a service to our customers intended
    to promote secure installation and use of SCO products.


    10. Acknowledgements

    SCO would like to thank Ulf Harnhammar for the discovery and
    analysis of this vulnerability.

    __________________________________________________ ____________________________
    ' La corrupción, el síntoma más infalible de la libertad que otorga la Constitución '
    Citar  
     

  2. #2  
    Moderador HH
    Fecha de ingreso
    Feb 2002
    Ubicación
    México
    Mensajes
    1.155
    Descargas
    4
    Uploads
    0
    It's interesting but
    In spanish please, i dont speak english very well.
    thanks.
    Mientras el mundo permanezca no acabarán la fama y la gloria de México-Tenochtitlan
    Citar  
     

  3. #3  
    Administrador Foros HH
    Fecha de ingreso
    Nov 2001
    Ubicación
    Spain
    Mensajes
    2.234
    Descargas
    0
    Uploads
    0
    jaja
    Todos desean saber, pero pocos pagar el trabajo que vale.

    [[NORMAS DEL FORO]]
    Citar  
     

Temas similares

  1. Zeroo Folder Traversal Vulnerability
    Por TseTse en el foro VULNERABILIDADES
    Respuestas: 3
    Último mensaje: 26-05-2009, 00:08
  2. Buffer overflow vulnerability
    Por TseTse en el foro VULNERABILIDADES
    Respuestas: 0
    Último mensaje: 24-11-2002, 15:48
  3. TFTPD32 Directory Traversal Vulnerability
    Por TseTse en el foro VULNERABILIDADES
    Respuestas: 0
    Último mensaje: 20-11-2002, 23:27
  4. Linksys router vulnerability
    Por TseTse en el foro VULNERABILIDADES
    Respuestas: 0
    Último mensaje: 20-11-2002, 23:27
  5. Characters expansion vulnerability
    Por TseTse en el foro VULNERABILIDADES
    Respuestas: 0
    Último mensaje: 20-11-2002, 23:21

Marcadores

Marcadores

Permisos de publicación

  • No puedes crear nuevos temas
  • No puedes responder temas
  • No puedes subir archivos adjuntos
  • No puedes editar tus mensajes
  •