RHEL 2.1 : lynx (RHSA-2003:030)

Medium Nessus Plugin ID 12357


The remote Red Hat host is missing a security update.


Updated Lynx packages fix an error in the way Lynx parses its command line arguments which can lead to faked headers being sent to a Web server.

Lynx is a character-cell Web browser, suitable for running on terminals such as the VT100.

Lynx constructs its HTTP queries from the command line (or WWW_HOME environment variable) without regard to special characters such as carriage returns or linefeeds. When given a URL containing such special characters, extra headers could be inserted into the request.
This could cause scripts using Lynx to fetch data from the wrong site from servers with virtual hosting.

Users of Lynx are advised to upgrade to these erratum packages which contain a patch to correct this isssue.


Update the affected lynx package.

See Also


http://www.mail-archive.com/[email protected]/msg08897.html


Plugin Details

Severity: Medium

ID: 12357

File Name: redhat-RHSA-2003-030.nasl

Version: $Revision: 1.18 $

Type: local

Agent: unix

Published: 2004/07/06

Modified: 2016/12/28

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:lynx, cpe:/o:redhat:enterprise_linux:2.1

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2003/02/20

Vulnerability Publication Date: 2002/08/18

Reference Information

CVE: CVE-2002-1405

OSVDB: 12657

RHSA: 2003:030