Note: This is an archival copy of Security Sun Alert 200813 as previously published on http://sunsolve.sun.com. The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000612.1.

Category: Security
Release Phase: Resolved
Bug ID: 4892234
Date of Resolved Release: 29-AUG-2003

Impact

Sun Linux 5.0 ships with Lynx, a popular text-based Web browser for Unix systems. Lynx versions 2.8.4 and below fail to remove certain character combinations from URL requests. A remote unprivileged user could add CRLF (Carriage Return - Line Feed) combinations to a URL request entered on the Lynx command line or in the WWW_HOME environment variable, causing fake HTTP headers to be sent. This could result in local users running Lynx being redirected to the wrong Web server. More information on this issue is available at:
Note: Lynx is a character-cell Web browser, suitable for running on terminals such as VT100.

Contributing Factors

This issue can occur in the following releases:

Sun Linux Platform

The Lynx version can be identified by executing the "rpm -q lynx" command.

Note: Sun Linux 5.0 is currently shipped with the Sun LX50 Server.

Symptoms

There are no predictable symptoms that would show the described issue has been exploited.
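The following constructed model, added here and not part of the Sun Alert or of Lynx itself, shows why an unremoved CRLF in a command-line URL turns into an extra HTTP header line, and what the corresponding input check looks like. The hostname, header name and function names are assumptions for illustration; a hand-written URL split is used because modern urllib.parse already strips CR/LF and would hide the issue.

```python
import re

# Any ASCII control character, which includes CR (0x0D) and LF (0x0A).
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def split_http_url(url: str) -> tuple[str, str]:
    """Minimal http:// URL split into (host, path), written by hand because
    modern urllib.parse already strips CR/LF and would hide the issue."""
    if not url.startswith("http://"):
        raise ValueError("only http:// URLs are modelled here")
    host, _, path = url[len("http://"):].partition("/")
    return host, "/" + path


def build_request_unchecked(url: str) -> str:
    """Models the unpatched behaviour: the path is copied into the request
    line verbatim, so an embedded CRLF terminates the request line early and
    whatever follows it is sent as an extra header line (with the stray
    'HTTP/1.0' token landing on that injected line)."""
    host, path = split_http_url(url)
    return f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n"


def build_request_checked(url: str) -> str:
    """Hardened variant: reject a URL containing any control character before
    it reaches the request line, so no extra header line can be smuggled."""
    if _CONTROL_CHARS.search(url):
        raise ValueError("URL contains CR/LF or other control characters")
    return build_request_unchecked(url)


def header_lines(request: str) -> list[str]:
    """Request line plus header lines, i.e. everything before the blank line."""
    return request.split("\r\n\r\n", 1)[0].split("\r\n")


# Constructed input (hypothetical hostname): a normal URL followed by a CRLF
# and a fake header, as could be passed on the command line or via WWW_HOME.
SAMPLE_URL = "http://www.example.com/index.html\r\nX-Fake-Header: injected"

if __name__ == "__main__":
    for line in header_lines(build_request_unchecked(SAMPLE_URL)):
        print("unchecked sends:", repr(line))
    try:
        build_request_checked(SAMPLE_URL)
    except ValueError as exc:
        print("checked builder rejected the URL:", exc)
```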
Workaround

To work around the described issue, disable "lynx" by removing executable and all other permissions as shown below.

To remove permissions:

    # chmod 000 /usr/bin/lynx

To restore permissions:

    # chmod 755 /usr/bin/lynx

Resolution

This issue is addressed in the following releases:

Sun Linux Platform

Sun Linux patches for this issue are available at http://sunsolve.sun.com/patches/linux/security.html.

Modification History

Date: 29-AUG-2003

Product: Sun Linux 5.0

Attachments

This solution has no attachment