RHEL 2.1 : lynx (RHSA-2003:030)

medium Nessus Plugin ID 12357

Synopsis

The remote Red Hat host is missing a security update.

Description

Updated Lynx packages fix an error in the way Lynx parses its command line arguments which can lead to faked headers being sent to a Web server.

Lynx is a character-cell Web browser, suitable for running on terminals such as the VT100.

Lynx constructs its HTTP queries from the command line (or WWW_HOME environment variable) without regard to special characters such as carriage returns or linefeeds. When given a URL containing such special characters, extra headers could be inserted into the request.
This could cause scripts using Lynx to fetch data from the wrong site from servers with virtual hosting.

Users of Lynx are advised to upgrade to these erratum packages which contain a patch to correct this isssue.

Solution

Update the affected lynx package.

See Also

https://access.redhat.com/security/cve/cve-2002-1405

https://www.mail-archive.com/[email protected]/msg08897.html

https://access.redhat.com/errata/RHSA-2003:030

Plugin Details

Severity: Medium

ID: 12357

File Name: redhat-RHSA-2003-030.nasl

Version: 1.26

Type: local

Agent: unix

Published: 7/6/2004

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:lynx, cpe:/o:redhat:enterprise_linux:2.1

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2/20/2003

Vulnerability Publication Date: 2/19/2003

Reference Information

CVE: CVE-2002-1405

RHSA: 2003:030