From: Secunia Security Advisories (sec-advsecunia.com)
Date: Tue Jul 29 2003 - 07:25:54 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
Sun Linux update for lynx

READ ONLINE:
http://www.secunia.com/advisories/9378/

CRITICAL:
Not critical

IMPACT:
Manipulation of data

WHERE:
Local system

OPERATING SYSTEM:
Sun Linux 5.x

DESCRIPTION:
Sun has issued updated packages to fix a minor, older vulnerability
in lynx.

If lynx receives special characters on the command line, it may
include faked headers in the HTTP request. This could possibly be
abused to make lynx download from the wrong domain from a server
hosting multiple domains.

SOLUTION:
This is hardly a security issue. Any script taking arguments from non
trusted users and passing them to lynx should do proper checking of
the arguments, as it possibly could be abused to much more dangerous
things, than making lynx download something from the wrong domain.

Updated packages:

ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPMS/lynx-2.8.4-18.1.i386.rpm
SRPM:
ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/SRPMS/lynx-2.8.4-18.1.src.rpm

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]