To: bugtraqat_private announceat_private security-alertsat_private full-disclosureat_private ______________________________________________________________________________ SCO Security Advisory Subject: Linux: lynx CRLF injection vulnerability Advisory number: CSSA-2002-049.0 Issue date: 2002 November 18 Cross reference: ______________________________________________________________________________ 1. Problem Description If lynx is given a url with some special characters on the command line, it will include faked headers in the HTTP query. This feature can be used to force scripts (that use Lynx for downloading files) to access the wrong site on a web server with multiple virtual hosts. 2. Vulnerable Supported Versions System Package ---------------------------------------------------------------------- OpenLinux 3.1.1 Server prior to lynx-2.8.4-1.i386.rpm OpenLinux 3.1.1 Workstation prior to lynx-2.8.4-1.i386.rpm OpenLinux 3.1 Server prior to lynx-2.8.4-1.i386.rpm OpenLinux 3.1 Workstation prior to lynx-2.8.4-1.i386.rpm 3. Solution The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand. 4. OpenLinux 3.1.1 Server 4.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-049.0/RPMS 4.2 Packages 86aa0c385c7b4789aa33fe57dc209490 lynx-2.8.4-1.i386.rpm 4.3 Installation rpm -Fvh lynx-2.8.4-1.i386.rpm 4.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2002-049.0/SRPMS 4.5 Source Packages 2b48e8130471668d9562fc10a5969d02 lynx-2.8.4-1.src.rpm 5. OpenLinux 3.1.1 Workstation 5.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-049.0/RPMS 5.2 Packages bd467354192cc42c87abb4be5650749f lynx-2.8.4-1.i386.rpm 5.3 Installation rpm -Fvh lynx-2.8.4-1.i386.rpm 5.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2002-049.0/SRPMS 5.5 Source Packages cf32748b277276e5f43a6f4111bb1ff2 lynx-2.8.4-1.src.rpm 6. OpenLinux 3.1 Server 6.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-049.0/RPMS 6.2 Packages 02bb0b77cf7f6014c6ad5a386e5bc763 lynx-2.8.4-1.i386.rpm 6.3 Installation rpm -Fvh lynx-2.8.4-1.i386.rpm 6.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2002-049.0/SRPMS 6.5 Source Packages 61828e229e2794c46376c95354c8859c lynx-2.8.4-1.src.rpm 7. OpenLinux 3.1 Workstation 7.1 Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-049.0/RPMS 7.2 Packages d0b3580c93c3790d88eb0c4d18a75e58 lynx-2.8.4-1.i386.rpm 7.3 Installation rpm -Fvh lynx-2.8.4-1.i386.rpm 7.4 Source Package Location ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2002-049.0/SRPMS 7.5 Source Packages 2c321eabba1a1d8172893de42f58af59 lynx-2.8.4-1.src.rpm 8. References Specific references for this advisory: none SCO security resources: http://www.sco.com/support/security/index.html This security fix closes SCO incidents sr868660, fz525986, erg712118. 9. Disclaimer SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. 10. Acknowledgements SCO would like to thank Ulf Harnhammar for the discovery and analysis of this vulnerability. ______________________________________________________________________________
This archive was generated by hypermail 2b30 : Mon Nov 18 2002 - 16:46:11 PST