Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-210-1 lynx -- CRLF injection

Related Vulnerabilities: CVE-2002-1405  

lynx (a text-only web browser) did not properly check for illegal characters in all places, including processing of command line options, which could be used to insert extra HTTP headers in a request. For Debian GNU/Linux 2.2/potato this has been fixed in version 2.8.3-1.1 of the lynx package and version 2.8.3.1-1.1 of the lynx-ssl package. For Debian GNU/Linux 3.0/woody this has been fixed in version 2.8.4.1b-3.2 of the lynx package and version 1:2.8.4.1b-3.1 of the lynx-ssl package.

Source

Debian Security Advisory

DSA-210-1 lynx -- CRLF injection

Date Reported:
13 Dec 2002
Affected Packages:
lynx, lynx-ssl
Vulnerable:
Yes
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 5499.
In Mitre's CVE dictionary: CVE-2002-1405.
More information:

lynx (a text-only web browser) did not properly check for illegal characters in all places, including processing of command line options, which could be used to insert extra HTTP headers in a request.

For Debian GNU/Linux 2.2/potato this has been fixed in version 2.8.3-1.1 of the lynx package and version 2.8.3.1-1.1 of the lynx-ssl package.

For Debian GNU/Linux 3.0/woody this has been fixed in version 2.8.4.1b-3.2 of the lynx package and version 1:2.8.4.1b-3.1 of the lynx-ssl package.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1.orig.tar.gz
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1.dsc
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1.dsc
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3.orig.tar.gz
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1.diff.gz
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1.diff.gz
alpha (DEC Alpha):
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1_alpha.deb
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1_alpha.deb
arm (ARM):
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1_arm.deb
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1_arm.deb
i386 (Intel ia32):
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1_i386.deb
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1_i386.deb
m68k (Motorola Mc680x0):
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1_m68k.deb
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1_m68k.deb
powerpc (PowerPC):
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1_powerpc.deb
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1_powerpc.deb
sparc (Sun SPARC/UltraSPARC):
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.3-1.1_sparc.deb
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.3.1-1.1_sparc.deb

Debian GNU/Linux 3.0 (woody)

Source:
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b.orig.tar.gz
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2.diff.gz
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1.dsc
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2.dsc
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1.diff.gz
alpha (DEC Alpha):
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_alpha.deb
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_alpha.deb
arm (ARM):
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_arm.deb
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_arm.deb
hppa (HP PA RISC):
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_hppa.deb
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_hppa.deb
i386 (Intel ia32):
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_i386.deb
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_i386.deb
ia64 (Intel ia64):
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_ia64.deb
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_ia64.deb
m68k (Motorola Mc680x0):
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_m68k.deb
mips (MIPS (Big Endian)):
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_mips.deb
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_mips.deb
mipsel (MIPS (Little Endian)):
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_mipsel.deb
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_mipsel.deb
powerpc (PowerPC):
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_powerpc.deb
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_powerpc.deb
s390 (IBM S/390):
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_s390.deb
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_s390.deb
sparc (Sun SPARC/UltraSPARC):
http://security.debian.org/pool/updates/main/l/lynx-ssl/lynx-ssl_2.8.4.1b-3.1_sparc.deb
http://security.debian.org/pool/updates/main/l/lynx/lynx_2.8.4.1b-3.2_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started