Note: This is an archival copy of Security Sun Alert 200813 as previously published on
Latest version of this security advisory is available from as Sun Alert 1000612.1.
Article ID : 1000612.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-01-24
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Sun Linux 5.0 CRLF Injection Vulnerability in Lynx 2.8.4 and Earlier


Release Phase

Bug Id

Date of Resolved Release


Sun Linux 5.0 ships with Lynx, a popular text-based Web browser for Unix systems, which in versions 2.8.4 and earlier fails to remove certain character combinations from URL requests. A remote unprivileged user could add CRLF (Carriage Return - Line Feed) sequences to a URL request entered on the Lynx command line or in the WWW_HOME environment variable, causing fake HTTP headers to be sent. This could result in local users who are using Lynx being redirected to the wrong Web server.
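The following is an added example, not code from the Sun Alert or from Lynx itself: a small request builder that treats a URL taken from the command line or from WWW_HOME as untrusted and percent-encodes control characters (including CR and LF) before the URL is written into the request line, so a single URL can never contribute extra header lines. The host names and the `X-Injected` header in the sample input are constructed.

```python
"""Added example (not from the Sun Alert or the Lynx project): building an
HTTP/1.0 GET request from an untrusted URL without letting an embedded
CR/LF pair become an additional header line."""
import os
import re
from typing import List, Tuple

# ASCII control characters (0x00-0x1F, 0x7F) plus space: none of them may
# appear raw in a request line, so each one is percent-encoded.
_UNSAFE = re.compile(r"[\x00-\x20\x7f]")


def sanitize_url(url: str) -> str:
    """Percent-encode every unsafe character so it stays inert data.
    (Encoding, rather than silently deleting, is this example's choice.)"""
    return _UNSAFE.sub(lambda m: "%%%02X" % ord(m.group(0)), url)


def split_http_url(url: str) -> Tuple[str, str]:
    """Minimal http:// splitter into (host, path), written out in full so
    the behaviour on odd input is visible rather than hidden in a library."""
    if not url.startswith("http://"):
        raise ValueError("only http:// URLs are handled in this example")
    host, _, path = url[len("http://"):].partition("/")
    if not host:
        raise ValueError("empty host")
    return host, "/" + path


def header_lines(request: str) -> List[str]:
    """Return the request line plus header lines of a serialized request."""
    head, _, _ = request.partition("\r\n\r\n")
    return head.split("\r\n")


def build_request(url: str) -> str:
    """Serialize a GET request for an untrusted URL (command line, WWW_HOME)."""
    host, path = split_http_url(sanitize_url(url))
    request = f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n"
    # Defence in depth: exactly two lines must come out, whatever went in.
    if len(header_lines(request)) != 2:
        raise ValueError("request line count changed; refusing to send")
    return request


def request_from_env(default: str = "http://example.invalid/") -> str:
    """Hypothetical WWW_HOME handling, mirroring the path named in the alert."""
    return build_request(os.environ.get("WWW_HOME", default))


if __name__ == "__main__":
    # Constructed sample: a URL carrying a CR/LF pair followed by a bogus header.
    print(build_request("http://example.invalid/index.html\r\nX-Injected: 1"))
```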

More information on this issue is available at:

Note: Lynx is a character-cell Web browser, suitable for running on terminals such as VT100.

Contributing Factors

This issue can occur in the following releases:

Sun Linux Platform

  • Sun Linux 5.0 with Lynx 2.8.4 and earlier

The Lynx version can be identified by executing the "rpm -q lynx" command.

Note: Sun Linux 5.0 is currently shipped with the Sun LX50 Server.


There are no predictable symptoms that would show the described issue has been exploited.


To work around the described issue, disable "lynx" by removing the executable and all other permissions as shown below:

To remove permissions:

    # chmod 000 /usr/bin/lynx

To restore permissions:

    # chmod 755 /usr/bin/lynx


This issue is addressed in the following releases:

Sun Linux Platform

  • Sun Linux 5.0 with Lynx 2.8.4-18.1 or later

Sun Linux patches for this issue are available at

Modification History
Date: 29-AUG-2003
  • State: Resolved
  • Updated Resolution section

Sun Linux 5.0

This solution has no attachment