
[CSSA-2002-049.0] Linux: lynx CRLF injection vulnerability

by Nikola Strahija on November 23rd, 2002

1. Problem Description

If lynx is given a URL containing certain special characters on the command line, it passes them through unfiltered into the HTTP request it sends. Because HTTP separates the request line and headers with carriage-return/line-feed sequences, a URL that carries such characters lets whoever supplied it terminate the request line early and append faked headers of their own to the query (CRLF injection). Scripts that call lynx to download files and build the URL from untrusted input can be forced in this way to fetch from the wrong site on a web server that serves multiple virtual hosts, since the injected headers are sent alongside the one lynx would otherwise have generated for the requested host.
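The following is an added example, not lynx's own code and not from the advisory: it models a client that percent-decodes a URL and pastes the result straight into the HTTP request line, which is enough to reproduce the header-injection effect described above, and sets it beside the check that closes the hole. The host names www.example.com and other.example.com and the attack URL are constructed for the demonstration.

```python
"""Simulation of a CRLF-injecting URL reaching an HTTP request builder.

build_request_naive() decodes the URL and emits it verbatim, so a decoded
%0d%0a becomes a real CRLF and everything after it is read by the server as
an extra header.  build_request_safe() refuses any URL whose decoded form
contains control characters.  Hypothetical code, not lynx's implementation.
"""
import re
from urllib.parse import unquote, urlsplit

CRLF = "\r\n"

# Constructed sample URLs (assumed host names, not from the advisory).
SAFE_URL = "http://www.example.com/index.html"
# The trailing "X-Ignored: " swallows the " HTTP/1.0" and the client's own
# Host header that the naive builder appends after the path.
ATTACK_URL = ("http://www.example.com/index.html%20HTTP/1.0"
              "%0d%0aHost:%20other.example.com"
              "%0d%0aX-Ignored:%20")


def build_request_naive(url: str) -> str:
    """Turn a URL into an HTTP/1.0 request without filtering control chars."""
    parts = urlsplit(url)
    path = unquote(parts.path or "/")
    if parts.query:
        path += "?" + unquote(parts.query)
    return (f"GET {path} HTTP/1.0{CRLF}"
            f"Host: {parts.hostname}{CRLF}"
            f"{CRLF}")


def build_request_safe(url: str) -> str:
    """Same output as build_request_naive, but reject CR, LF and any other
    control character once the URL has been percent-decoded."""
    parts = urlsplit(url)
    decoded = unquote(parts.path or "/") + unquote(parts.query)
    if re.search(r"[\x00-\x1f\x7f]", decoded):
        raise ValueError("control character in URL; possible CRLF injection")
    return build_request_naive(url)


def parse_request(raw: str):
    """Minimal server-side view: the request line and an ordered list of
    (name, value) header pairs, duplicates preserved."""
    head = raw.split(CRLF + CRLF, 1)[0]
    lines = head.split(CRLF)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers


def effective_host(raw: str) -> str:
    """Virtual host selected by a server that honours the first Host header.
    Servers differ (some take the last one), which is why a duplicated Host
    header is dangerous whichever rule the server applies."""
    _, headers = parse_request(raw)
    for name, value in headers:
        if name.lower() == "host":
            return value
    return ""


if __name__ == "__main__":
    raw = build_request_naive(ATTACK_URL)
    print(repr(raw))
    print("virtual host served:", effective_host(raw))
    try:
        build_request_safe(ATTACK_URL)
    except ValueError as exc:
        print("safe builder rejected it:", exc)
```

With the naive builder the attack URL yields a request whose first Host header names other.example.com, so a script that meant to download from www.example.com fetches the file from a different virtual host on the same server; the safe builder raises before any request is sent. A wrapper script cannot rely on the client for this check, so it should apply the same control-character test to any user-supplied URL before passing it to lynx.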


2. Vulnerable Supported Versions

System Package
----------------------------------------------------------------------

OpenLinux 3.1.1 Server prior to lynx-2.8.4-1.i386.rpm

OpenLinux 3.1.1 Workstation prior to lynx-2.8.4-1.i386.rpm

OpenLinux 3.1 Server prior to lynx-2.8.4-1.i386.rpm

OpenLinux 3.1 Workstation prior to lynx-2.8.4-1.i386.rpm


3. Solution

The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-049.0/RPMS

4.2 Packages

86aa0c385c7b4789aa33fe57dc209490 lynx-2.8.4-1.i386.rpm

4.3 Installation

rpm -Fvh lynx-2.8.4-1.i386.rpm

4.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-049.0/SRPMS

4.5 Source Packages

2b48e8130471668d9562fc10a5969d02 lynx-2.8.4-1.src.rpm
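The advisory lists an MD5 checksum beside each package but the installation step does not verify it. The shell snippet below is an added example, not part of the advisory or of Caldera's tooling: it checks the downloaded package against the listed checksum and only then runs the freshen-install from 4.3. The same function applies to the Workstation and OpenLinux 3.1 packages in the later sections with their own checksums.

```sh
#!/bin/sh
# verify_md5 FILE EXPECTED_MD5
# Succeeds only if FILE exists and its MD5 equals EXPECTED_MD5
# (compared case-insensitively).  Requires md5sum from coreutils.
verify_md5() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -f "$file" ] || { echo "verify_md5: $file: no such file" >&2; return 1; }
    actual=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "verify_md5: $file: expected $expected, got $actual" >&2
    return 1
}

# install_verified FILE EXPECTED_MD5
# Runs the advisory's "rpm -Fvh" only after the checksum matches.
# Note that -F (freshen) upgrades an already installed lynx and does
# nothing on a host where lynx was never installed.
install_verified() {
    verify_md5 "$1" "$2" || return 1
    rpm -Fvh "$1"
}

# Usage with the OpenLinux 3.1.1 Server package and checksum from 4.2:
#   install_verified lynx-2.8.4-1.i386.rpm 86aa0c385c7b4789aa33fe57dc209490
# Afterwards "rpm -q lynx" should print lynx-2.8.4-1.
```

Download the package and its checksum from the advisory over the listed ftp.sco.com location, compare the checksum you read from the advisory rather than one shipped next to the file, and treat any mismatch as a reason not to install.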


5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-049.0/RPMS

5.2 Packages

bd467354192cc42c87abb4be5650749f lynx-2.8.4-1.i386.rpm

5.3 Installation

rpm -Fvh lynx-2.8.4-1.i386.rpm

5.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-049.0/SRPMS

5.5 Source Packages

cf32748b277276e5f43a6f4111bb1ff2 lynx-2.8.4-1.src.rpm


6. OpenLinux 3.1 Server

6.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-049.0/RPMS

6.2 Packages

02bb0b77cf7f6014c6ad5a386e5bc763 lynx-2.8.4-1.i386.rpm

6.3 Installation

rpm -Fvh lynx-2.8.4-1.i386.rpm

6.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-049.0/SRPMS

6.5 Source Packages

61828e229e2794c46376c95354c8859c lynx-2.8.4-1.src.rpm


7. OpenLinux 3.1 Workstation

7.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-049.0/RPMS

7.2 Packages

d0b3580c93c3790d88eb0c4d18a75e58 lynx-2.8.4-1.i386.rpm

7.3 Installation

rpm -Fvh lynx-2.8.4-1.i386.rpm

7.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-049.0/SRPMS

7.5 Source Packages

2c321eabba1a1d8172893de42f58af59 lynx-2.8.4-1.src.rpm


8. References

Specific references for this advisory:
none

SCO security resources:
http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr868660, fz525986,
erg712118.


9. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.


10. Acknowledgements

SCO would like to thank Ulf Harnhammar for the discovery and
analysis of this vulnerability.

