Re: lynx-dev Lynx CRLF Injection (fwd)

From: Ulf Härnhammar
Subject: Re: lynx-dev Lynx CRLF Injection (fwd)
Date: Tue, 20 Aug 2002 08:48:43 +0200
User-agent: Mutt/1.3.28i

On Mon, Aug 19, 2002 at 07:27:41PM -0700, Bela Lubkin wrote:
> If there's no user exposure, I don't see why this is any sort of
> security alert at all.  If it causes a security problem for servers,
> those servers are still at risk -- people just have to use
> _any other program that does socket I/O_ (including an unpatched Lynx)
> to attack those servers.

Read the second paragraph of Technical Details again. It allows people to
break out of restrictions, which is what security holes are all about.

telnet and netcat don't handle URLs. Lynx does.

// Ulf
