[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV Lynx/MSIE denial-of-service
From: |
Alan Cox |
Subject: |
Re: LYNX-DEV Lynx/MSIE denial-of-service |
Date: |
Tue, 11 Mar 1997 09:07:01 +0000 (GMT) |
> though viewing a file of infinite length. This has caused a modem
> connection to drop using MSIE, and slowed a Linux system using lynx to a
> crawl due to exhaustion of memory. Both processes were aborted before any
> further damage was caused.
There are a pile of others
<IMG src="telnet://localhost:19/"> and the like as well as direct tty
access bugs <A href="file:/dev/tty">Click here to lock up lynx</A>
> The CHARGEN service has other security implications and should be turned
> off in normal system operation.
Indeed.
Lynx ought to have a sanity limit on page sizes and also on opening device
files
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;
Re: LYNX-DEV Lynx/MSIE denial-of-service, Klaus Weide, 1997/03/11