Conectiva Local Security Checks : Conectiva Security Advisory CLA-2003:720

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51452

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLA-2003:720

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLA-2003:720.

Lynx is a text terminal based web browser.

Ulf Harnhammar reported[1] a CRLF (Carriage Return, Line Feed)
injection vulnerability in lynx. When handling a URL supplied through
the command line, lynx does not filter out characters such as spaces,
CR, LF, etc, which allows an attacker to inject HTTP headers and
cause program misbehavior[2] by using a specially crafted URL.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2002-1405 to this issue[3].

The package distributed with Conectiva Linux 9 (lynx-2.8.4-25963cl)
already contains a fix and is not vulnerable to this problem.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://marc.theaimsgroup.com/?l=bugtraq&m=102978118411977&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=103003793418021&w=2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1405
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:720
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: BugTraq ID: 5499
Common Vulnerability Exposure (CVE) ID: CVE-2002-1405
http://www.securityfocus.com/bid/5499
Bugtraq: 20020819 Lynx CRLF Injection (Google Search)
http://marc.info/?l=bugtraq&m=102978118411977&w=2
Bugtraq: 20020822 Lynx CRLF Injection, part two (Google Search)
http://marc.info/?l=bugtraq&m=103003793418021&w=2
Caldera Security Advisory: CSSA-2002-049.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt
Debian Security Information: DSA-210 (Google Search)
http://www.debian.org/security/2002/dsa-210
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023
http://www.redhat.com/support/errata/RHSA-2003-029.html
http://www.redhat.com/support/errata/RHSA-2003-030.html
http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt
http://www.iss.net/security_center/static/9887.php

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51452
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2003:720
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2003:720. Lynx is a text terminal based web browser. Ulf Harnhammar reported[1] a CRLF (Carriage Return, Line Feed) injection vulnerability in lynx. When handling a URL supplied through the command line, lynx does not filter out characters such as spaces, CR, LF, etc, which allows an attacker to inject HTTP headers and cause program misbehavior[2] by using a specially crafted URL. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-1405 to this issue[3]. The package distributed with Conectiva Linux 9 (lynx-2.8.4-25963cl) already contains a fix and is not vulnerable to this problem. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://marc.theaimsgroup.com/?l=bugtraq&m=102978118411977&w=2 http://marc.theaimsgroup.com/?l=bugtraq&m=103003793418021&w=2 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1405 http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:720 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	BugTraq ID: 5499 Common Vulnerability Exposure (CVE) ID: CVE-2002-1405 http://www.securityfocus.com/bid/5499 Bugtraq: 20020819 Lynx CRLF Injection (Google Search) http://marc.info/?l=bugtraq&m=102978118411977&w=2 Bugtraq: 20020822 Lynx CRLF Injection, part two (Google Search) http://marc.info/?l=bugtraq&m=103003793418021&w=2 Caldera Security Advisory: CSSA-2002-049.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt Debian Security Information: DSA-210 (Google Search) http://www.debian.org/security/2002/dsa-210 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023 http://www.redhat.com/support/errata/RHSA-2003-029.html http://www.redhat.com/support/errata/RHSA-2003-030.html http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt http://www.iss.net/security_center/static/9887.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com