RHEL 2.1 : lynx (RHSA-2003:030)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

Updated Lynx packages fix an error in the way Lynx parses its command
line arguments which can lead to faked headers being sent to a Web
server.

Lynx is a character-cell Web browser, suitable for running on
terminals such as the VT100.

Lynx constructs its HTTP queries from the command line (or WWW_HOME
environment variable) without regard to special characters such as
carriage returns or linefeeds. When given a URL containing such
special characters, extra headers could be inserted into the request.
This could cause scripts that use Lynx to fetch data from the wrong
site on servers with virtual hosting.
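
For scripts that cannot be moved to the fixed package straight away, the check below refuses to pass Lynx a URL or WWW_HOME value that carries control characters. It is an added example, not part of the erratum or the plugin; the function names are hypothetical, and rejecting every ASCII control character (not only CR and LF) is a conservative assumption.

```shell
#!/bin/sh
# Added example: validate the two input paths named in the advisory
# (command-line URL and WWW_HOME) before a script invokes Lynx.

# Return 0 if $1 is non-empty and free of ASCII control characters.
url_is_clean() {
    [ -n "$1" ] || return 1
    # tr deletes control bytes (CR, LF, TAB, ...); any difference from the
    # original means the input carried one. Command substitution also drops
    # trailing newlines, so a URL ending in LF is caught as well.
    stripped=$(printf '%s' "$1" | LC_ALL=C tr -d '[:cntrl:]')
    [ "$stripped" = "$1" ]
}

# Check the URL argument and, if set, WWW_HOME.
# Returns 1 for a bad URL argument, 2 for a bad WWW_HOME, 0 otherwise.
lynx_inputs_ok() {
    if ! url_is_clean "$1"; then
        echo "rejected: URL argument is empty or contains control characters" >&2
        return 1
    fi
    if [ -n "${WWW_HOME-}" ] && ! url_is_clean "$WWW_HOME"; then
        echo "rejected: WWW_HOME contains control characters" >&2
        return 2
    fi
    return 0
}

# Hypothetical wrapper for calling scripts: validate first, then fetch.
safe_lynx_dump() {
    lynx_inputs_ok "$1" || return $?
    lynx -dump "$1"
}
```

A calling script would use `safe_lynx_dump "$url"` in place of `lynx -dump "$url"` and treat a non-zero status as a rejected input.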

Users of Lynx are advised to upgrade to these erratum packages which
contain a patch to correct this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2002-1405.html
http://www.mail-archive.com/bugtraq@securityfocus.com/msg08897.html
http://rhn.redhat.com/errata/RHSA-2003-030.html

Solution :

Update the affected lynx package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12357

Bugtraq ID:

CVE ID: CVE-2002-1405