(OpenBSD Issues Fix) Lynx HTML Parsing Errors Let Remote Users Deny Service
SecurityTracker Alert ID: 1012180
SecurityTracker URL: http://securitytracker.com/id/1012180
CVE Reference: GENERIC-MAP-NOMATCH
Date: Nov 11 2004
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes

Description:
A vulnerability was reported in Lynx in the parsing of HTML. A remote user can create HTML that, when loaded by the target user, will cause the target user's browser to crash.
Michal Zalewski reported that certain HTML tag sequences and formatting can cause denial of service conditions.
"Broken HTML" can trigger a crash.
Some demonstration exploit examples are provided at:
http://lcamtuf.coredump.cx/mangleme/gallery/

Impact:
A remote user can cause a target user's browser to crash when loading HTML.

Solution:
OpenBSD has issued the following patches:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/034_lynx.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/023_lynx.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/004_lynx.patch

Cause:
Exception handling error, Input validation error

Underlying OS:
UNIX (OpenBSD)

Message History:
This archive entry is a follow-up to the message listed below.

Source Message Contents

Date: Thu, 11 Nov 2004 00:43:37 -0500
Subject: [none]

> RELIABILITY FIX: November 10, 2004
> Due to a bug in lynx(1) it is possible for pages such as this
> (http://lcamtuf.coredump.cx/mangleme/gallery/lynx_die1.html) to cause lynx(1) to
> exhaust memory and then crash when parsing such pages.
> A source code patch exists which remedies this problem.
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/034_lynx.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/023_lynx.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/004_lynx.patch