Message-ID: <20021118162642.N18657@caldera.com>
From: security at caldera.com (security@...dera.com)
Subject: Security Update: [CSSA-2002-049.0] Linux: lynx CRLF injection vulnerability
To: bugtraq@...urityfocus.com announce@...ts.caldera.com security-alerts@...uxsecurity.com full-disclosure@...ts.netsys.com
______________________________________________________________________________
			SCO Security Advisory
Subject:		Linux: lynx CRLF injection vulnerability
Advisory number: 	CSSA-2002-049.0
Issue date: 		2002 November 18
Cross reference:
______________________________________________________________________________
1. Problem Description
	If lynx is given a URL containing certain special characters
	(the carriage-return and line-feed characters of the title) on
	the command line, it copies them into the HTTP request, so forged
	headers are sent alongside the real ones. This can be used to force
	scripts that use lynx for downloading files to fetch from the wrong
	site on a web server that serves multiple virtual hosts.
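	Scripts that hand URLs to lynx are the ones at risk here. The following validator, an added example that is not part of the advisory or of lynx (all function names are assumed), rejects a URL carrying raw or percent-encoded control characters before it reaches the command line, and shows the single-Host request that a fetcher should compose from the parsed URL instead of echoing raw text:

```python
import re
from urllib.parse import urlsplit, unquote

# CR, LF and other control characters end the request line early and let
# whatever follows be read as an extra header (the CRLF injection above).
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


class UnsafeURL(ValueError):
    """Raised for a URL that must not be handed to a command-line fetcher."""


def check_download_url(url: str) -> str:
    """Return url unchanged if it is safe to pass to a fetcher, else raise.

    The raw string is checked before parsing, because URL parsers may drop
    CR/LF silently; the percent-decoded form is checked too so that %0d%0a
    cannot smuggle the same bytes past the first test.
    """
    if not url.isascii():
        raise UnsafeURL("non-ASCII in URL; percent-encode it first")
    if _CONTROL.search(url) or _CONTROL.search(unquote(url)):
        raise UnsafeURL("control character (raw or percent-encoded) in URL")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise UnsafeURL("scheme not allowed: %r" % parts.scheme)
    if not parts.hostname:
        raise UnsafeURL("missing host")
    try:
        _ = parts.port  # ValueError for a non-numeric or out-of-range port
    except ValueError:
        raise UnsafeURL("malformed port") from None
    return url


def is_safe_download_url(url: str) -> bool:
    """Boolean form of check_download_url, for use in scripts."""
    try:
        check_download_url(url)
        return True
    except UnsafeURL:
        return False


def build_request(url: str) -> bytes:
    """Compose the request line and headers for a validated URL.

    Host is taken from the parsed URL, so exactly one Host header is sent
    and a virtual-hosting server sees the site the caller intended.
    """
    parts = urlsplit(check_download_url(url))
    target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    host = parts.hostname if parts.port is None else "%s:%d" % (parts.hostname, parts.port)
    return ("GET %s HTTP/1.1\r\nHost: %s\r\n\r\n" % (target, host)).encode("ascii")
```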
2. Vulnerable Supported Versions
	System				Package
	----------------------------------------------------------------------
	OpenLinux 3.1.1 Server		prior to lynx-2.8.4-1.i386.rpm
	OpenLinux 3.1.1 Workstation	prior to lynx-2.8.4-1.i386.rpm
	OpenLinux 3.1 Server		prior to lynx-2.8.4-1.i386.rpm
	OpenLinux 3.1 Workstation	prior to lynx-2.8.4-1.i386.rpm
3. Solution
	The proper solution is to install the latest packages. Many
	customers find it easier to use the Caldera System Updater, called
	cupdate (or kcupdate under the KDE environment), to update these
	packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
	4.1 Package Location
	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-049.0/RPMS
	4.2 Packages
	86aa0c385c7b4789aa33fe57dc209490	lynx-2.8.4-1.i386.rpm
	4.3 Installation
	rpm -Fvh lynx-2.8.4-1.i386.rpm
	4.4 Source Package Location
	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-049.0/SRPMS
	4.5 Source Packages
	2b48e8130471668d9562fc10a5969d02	lynx-2.8.4-1.src.rpm
5. OpenLinux 3.1.1 Workstation
	5.1 Package Location
	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-049.0/RPMS
	5.2 Packages
	bd467354192cc42c87abb4be5650749f	lynx-2.8.4-1.i386.rpm
	5.3 Installation
	rpm -Fvh lynx-2.8.4-1.i386.rpm
	5.4 Source Package Location
	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-049.0/SRPMS
	5.5 Source Packages
	cf32748b277276e5f43a6f4111bb1ff2	lynx-2.8.4-1.src.rpm
6. OpenLinux 3.1 Server
	6.1 Package Location
	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-049.0/RPMS
	6.2 Packages
	02bb0b77cf7f6014c6ad5a386e5bc763	lynx-2.8.4-1.i386.rpm
	6.3 Installation
	rpm -Fvh lynx-2.8.4-1.i386.rpm
	6.4 Source Package Location
	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-049.0/SRPMS
	6.5 Source Packages
	61828e229e2794c46376c95354c8859c	lynx-2.8.4-1.src.rpm
7. OpenLinux 3.1 Workstation
	7.1 Package Location
	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-049.0/RPMS
	7.2 Packages
	d0b3580c93c3790d88eb0c4d18a75e58	lynx-2.8.4-1.i386.rpm
	7.3 Installation
	rpm -Fvh lynx-2.8.4-1.i386.rpm
	7.4 Source Package Location
	ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-049.0/SRPMS
	7.5 Source Packages
	2c321eabba1a1d8172893de42f58af59	lynx-2.8.4-1.src.rpm
8. References
	Specific references for this advisory:
		none
	SCO security resources:
		http://www.sco.com/support/security/index.html
	This security fix closes SCO incidents sr868660, fz525986,
	erg712118.
9. Disclaimer
	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers intended
	to promote secure installation and use of SCO products.
10. Acknowledgements
	SCO would like to thank Ulf Harnhammar for the discovery and
	analysis of this vulnerability.
______________________________________________________________________________