CERT-In Vulnerability Note CIVN-2006-42
Lynx Malformed HTML Infinite Loop Denial of Service Vulnerability
Original Issue Date: May 30, 2006
Severity Rating: Medium
Systems Affected
Overview
Lynx is a popular text-based browser on *nix-based systems. A vulnerability has been reported in the way Lynx parses HTML, which could be exploited by remote attackers to cause a denial of service.
Description
A vulnerability has been reported in the Lynx web browser in the way it parses specially crafted HTML files. A remote attacker could exploit this vulnerability by hosting a specially crafted web page that contains invalid HTML, including a TEXTAREA tag with a large COLS value and/or a large tag name in an element that is not terminated, and enticing the user to visit it, or by sending the page to a victim as an HTML email, to cause a denial of service.
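The markup patterns described above can be screened for at a mail gateway or proxy before content reaches the browser. The following Python check is an added example, not part of the original advisory or of the Lynx project; the thresholds, the function name `scan_html` and the sample inputs are assumptions constructed for illustration.

```python
import re

# Thresholds are assumptions for this example; the advisory gives no numbers.
MAX_COLS = 1000
MAX_TAG_NAME = 256

# Tag name, raw attribute text, and the closing '>' if one is present.
# Quoted attribute values containing '<' or '>' are not handled here.
TAG_OPEN = re.compile(r"<([A-Za-z][^\s<>/]*)([^<>]*)(>?)")
COLS_ATTR = re.compile(r"""\bcols\s*=\s*["']?\s*(\d+)""", re.IGNORECASE)


def scan_html(html, max_cols=MAX_COLS, max_tag_name=MAX_TAG_NAME):
    """Return (finding, offset) tuples for the patterns the advisory names."""
    findings = []
    for m in TAG_OPEN.finditer(html):
        name, attrs, close = m.groups()
        if len(name) > max_tag_name:
            kind = "long-tag-name" if close else "long-tag-name-unterminated"
            findings.append((kind, m.start()))
        if name.lower() == "textarea":
            cols = COLS_ATTR.search(attrs)
            if cols:
                digits = cols.group(1).lstrip("0")
                # Compare by length first: int() rejects very long digit
                # strings on recent Python versions.
                if len(digits) > 9 or int(digits or "0") > max_cols:
                    findings.append(("textarea-large-cols", m.start()))
    return findings


# Constructed sample inputs (not taken from any real page or exploit).
SAMPLES = {
    "benign": '<html><body><textarea cols="40" rows="5"></textarea></body></html>',
    "large_cols": "<textarea cols=" + "9" * 5000 + ">text",
    "long_tag": "<p>hi</p><" + "a" * 5000,
}

if __name__ == "__main__":
    for label, doc in SAMPLES.items():
        print(label, scan_html(doc))
```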
Workaround
Upgrade to the latest version.
References
Debian
http://www.debian.org/security/2006/dsa-1076
Security Tracker
http://securitytracker.com/alerts/2004/Oct/1011809.html
Security Focus
http://www.securityfocus.com/bid/11443
http://marc.theaimsgroup.com/?l=bugtraq&m=109811406620511&w=2
CVE Name
CVE-2004-1617
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91 11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
