Lynx URL Parsing Open Redirect Vulnerability


Description   (#A vulnerability was reported in Lynx browser.#A remote attacker could exploit it by enticing their victim into following a specially crafted link in order to redirect them on an arbitrary web site.##This vulnerability stems from an improper parsing of the URL when the host name part ends with ???.##A proof of concept is available.##The lynx-cur packages provided by Debian Wheezy 7 and Jessie 8 are vulnerable.#Updated, 09/01/2017:#The lynx packages provided by FreeBSD are vulnerable.)
     
Vulnerable Products   Vulnerable OS:
Fedora (Red Hat) - 25FreeBSD (FreeBSD) - AllGNU/Linux (Debian) - 7, 8Linux Enterprise SDK (SUSE) - 11 SP4openSUSE (SUSE) - Leap 42.1, Leap 42.2Vulnerable Software:
Lynx (University of Kansas) -
     
Solution   Fixed lynx packages for openSUSE Leap 42.1 and 42.2 are available.
     
CVE   CVE-2016-9179
     
References   - oss-sec : CVE request:Lynx invalid URL parsing with '?'
http://seclists.org/oss-sec/2016/q4/322
- Debian Security Tracker : lynx-cur
https://security-tracker.debian.org/tracker/CVE-2016-9179
- VuXML : lynx -- multiple vulnerabilities
https://www.vuxml.org/freebsd/03532a19-d68e-11e6-9171-14dae9d210b8.html
- FEDORA-2017-c9828b259c : Fedora 25 Update: lynx-2.8.9-0.14.dev11.fc25
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUXKJDF62YGEI7SVFFUYQ56QCKESXF3W/
- SUSE-SU-2017:0599-1 : lynx
http://lists.suse.com/pipermail/sle-security-updates/2017-March/002675.html
- openSUSE-SU-2017:0668-1 : Security update for lynx
https://lists.opensuse.org/opensuse-updates/2017-03/msg00027.html
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Site with open redirect
4.0.0
     


 
 
 
 
 Risk level 
Low 

 Vulnerability First Public Report Date 
2016-11-03 

 Target Type 
Client 

 Possible exploit 
Remote