Mandrake Linux Security Advisory : lynx (MDKSA-2003:023)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

A vulnerability was discovered in lynx, a text-mode web browser. The
HTTP queries that lynx constructs are from arguments on the command
line or the $WWW_HOME environment variable, but lynx does not properly
sanitize special characters such as carriage returns or linefeeds.
Extra headers can be inserted into the request because of this, which
can cause scripts that use lynx to fetch data from the wrong site from
servers that use virtual hosting.

Solution :

Update the affected lynx package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 14008 (mandrake_MDKSA-2003-023.nasl)

Bugtraq ID:

CVE ID: CVE-2002-1405

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now