SecurityTracker.com
Category: Application (Web Browser) > Lynx
Vendors: [Multiple Authors/Vendors]
(OpenBSD Issues Fix) Lynx HTML Parsing Errors Let Remote Users Deny Service
SecurityTracker Alert ID: 1012180
SecurityTracker URL: http://securitytracker.com/id/1012180
CVE Reference: GENERIC-MAP-NOMATCH
Date: Nov 11 2004
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes

Description:   A vulnerability was reported in Lynx in the parsing of HTML. A remote user can create HTML that, when loaded by the target user, will cause the target user's browser to crash.

Michal Zalewski reported that certain HTML tag sequences and formatting can cause denial of service conditions.

"Broken HTML" can trigger a crash.

Some demonstration exploit examples are provided at:

http://lcamtuf.coredump.cx/mangleme/gallery/

Impact:   A remote user can cause a target user's browser to crash when loading HTML.
Solution:   OpenBSD has issued the following patches:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/034_lynx.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/023_lynx.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/004_lynx.patch

Cause:   Exception handling error, Input validation error
Underlying OS:  UNIX (OpenBSD)
Underlying OS Comments:  3.4, 3.5, 3.6

Message History:   This archive entry is a follow-up to the message listed below.
Oct 20 2004 Lynx HTML Parsing Errors Let Remote Users Deny Service


