lynx-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV Alleged Lynx security emergency

From: Jim Spath (Webmaster Jim)
Subject: Re: LYNX-DEV Alleged Lynx security emergency
Date: Tue, 1 Jul 1997 06:37:36 -0400 (EDT) 
On Mon, 30 Jun 1997, Thomas Jones wrote:
> There is a story making the rounds that CERT, the Computer Emergency 
> Response Team at Carnegie-Mellon, has spotted a security vulnerability 
> in the -Lynx- (text-only) browser. Is this true? I note that there is no 
> advisory to this effect in comp.security.announce.

Yes, there was a hole in the LYDOWNLOAD processing.  Fote has fixed it.
See the following:

www.flora.org/lynx-dev/html/month0697/msg00250.html
 " /msg00317.html
 " /msg00321.html

> The reason why I am raising the issue is that a major local online 
> system, called "Sailor," has put an electronic block in its Lynx Internet 
> service, thinking that the block will somehow protect it from this 
> [alleged] Lynx bug.

I'm ccing them.  They're being cautious, as they should be...

------
<http://www.cs.indiana.edu/picons/db/users/us/md/lib/bcpl/jspath/face.xbm>
Marvin the Paranoid Android says:
You are one of the least benighted unintelligent organic life forms
it has been my profound lack of pleasure not to be able to avoid
meeting.

;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;
reply via email to
[Prev in Thread] Current Thread [Next in Thread]