Red Hat Local Security Checks : RedHat Security Advisory RHSA-2003:030

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51200

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2003:030

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2003:030.

Updated Lynx packages fix an error in the way Lynx parses its command line
arguments which can lead to faked headers being sent to a Web server.

Lynx is a character-cell Web browser, suitable for running on terminals
such as the VT100.

Lynx constructs its HTTP queries from the command line (or WWW_HOME
environment variable) without regard to special characters such as carriage
returns or linefeeds. When given a URL containing such special characters,
extra headers could be inserted into the request. This could cause scripts
using Lynx to fetch data from the wrong site from servers with virtual hosting.

Users of Lynx are advised to upgrade to these erratum packages which
contain a patch to correct this isssue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2003-030.html
http://www.mail-archive.com/bugtraq@securityfocus.com/msg08897.html

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: BugTraq ID: 5499
Common Vulnerability Exposure (CVE) ID: CVE-2002-1405
http://www.securityfocus.com/bid/5499
Bugtraq: 20020819 Lynx CRLF Injection (Google Search)
http://marc.info/?l=bugtraq&m=102978118411977&w=2
Bugtraq: 20020822 Lynx CRLF Injection, part two (Google Search)
http://marc.info/?l=bugtraq&m=103003793418021&w=2
Caldera Security Advisory: CSSA-2002-049.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt
Debian Security Information: DSA-210 (Google Search)
http://www.debian.org/security/2002/dsa-210
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023
http://www.redhat.com/support/errata/RHSA-2003-029.html
http://www.redhat.com/support/errata/RHSA-2003-030.html
http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt
http://www.iss.net/security_center/static/9887.php

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51200
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2003:030
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2003:030. Updated Lynx packages fix an error in the way Lynx parses its command line arguments which can lead to faked headers being sent to a Web server. Lynx is a character-cell Web browser, suitable for running on terminals such as the VT100. Lynx constructs its HTTP queries from the command line (or WWW_HOME environment variable) without regard to special characters such as carriage returns or linefeeds. When given a URL containing such special characters, extra headers could be inserted into the request. This could cause scripts using Lynx to fetch data from the wrong site from servers with virtual hosting. Users of Lynx are advised to upgrade to these erratum packages which contain a patch to correct this isssue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2003-030.html http://www.mail-archive.com/bugtraq@securityfocus.com/msg08897.html Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	BugTraq ID: 5499 Common Vulnerability Exposure (CVE) ID: CVE-2002-1405 http://www.securityfocus.com/bid/5499 Bugtraq: 20020819 Lynx CRLF Injection (Google Search) http://marc.info/?l=bugtraq&m=102978118411977&w=2 Bugtraq: 20020822 Lynx CRLF Injection, part two (Google Search) http://marc.info/?l=bugtraq&m=103003793418021&w=2 Caldera Security Advisory: CSSA-2002-049.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt Debian Security Information: DSA-210 (Google Search) http://www.debian.org/security/2002/dsa-210 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023 http://www.redhat.com/support/errata/RHSA-2003-029.html http://www.redhat.com/support/errata/RHSA-2003-030.html http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt http://www.iss.net/security_center/static/9887.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com