Re: lynx-dev Lynx CRLF Injection (fwd)
From: Ulf Härnhammar
Subject: Re: lynx-dev Lynx CRLF Injection (fwd)
Date: Tue, 20 Aug 2002 08:48:43 +0200
User-agent: Mutt/1.3.28i
On Mon, Aug 19, 2002 at 07:27:41PM -0700, Bela Lubkin wrote:
> If there's no user exposure, I don't see why this is any sort of
> security alert at all. If it causes a security problem for servers,
> those servers are still at risk -- people just have to use
> _any other program that does socket I/O_ (including an unpatched Lynx)
> to attack those servers.
Read the second paragraph of Technical Details again. It allows people to
break out of restrictions, which is what security holes are all about.
telnet and netcat don't handle URLs. Lynx does.
// Ulf