[4754] in WWW Security List Archive


Re: LYNX-DEV Lynx/MSIE denial-of-service

daemon@ATHENA.MIT.EDU (Alan Cox)
Tue Mar 11 07:18:16 1997

From: Alan Cox <alan@infocalypse.cymru.net>
To: lynx-dev@austin.sig.net
Date: Tue, 11 Mar 1997 09:07:01 +0000 (GMT)
Cc: bugtraq@netspace.org, www-security@ns2.rutgers.edu
In-Reply-To: <Pine.BSI.3.95.970310144258.7182A-100000@l0pht.com> from "Doctor Who" at Mar 10, 97 03:05:20 pm
Errors-To: owner-www-security@ns2.rutgers.edu

> though viewing a file of infinite length. This has caused a modem
> connection to drop using MSIE, and slowed a Linux system using lynx to a
> crawl due to exhaustion of memory. Both processes were aborted before any
> further damage was caused.

There are a pile of others:

<IMG src="telnet://localhost:19/"> and the like as well as direct tty
access bugs <A href="file:/dev/tty">Click here to lock up lynx</A>

> The CHARGEN service has other security implications and should be turned
> off in normal system operation.

Indeed.

Lynx ought to have a sanity limit on page sizes and also on opening device
files.
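
The two limits suggested in the message above, sketched for the file: URL case as an added example; this is not part of the original message and not Lynx source code. The names `load_local_page`, `MAX_PAGE_BYTES` and the status values are hypothetical, and the 4 MiB cap is an assumed figure.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed page-size cap for this example; not a real Lynx setting. */
#define MAX_PAGE_BYTES (4u * 1024 * 1024)

enum load_status { LOAD_OK = 0, LOAD_OPEN_FAILED, LOAD_NOT_REGULAR,
                   LOAD_TOO_LARGE, LOAD_READ_ERROR };

/* Hypothetical helper: read the target of a file: URL, at most `cap` bytes. */
enum load_status load_local_page(const char *path, size_t cap,
                                 char **out, size_t *out_len)
{
    /* O_NONBLOCK keeps open() from hanging on a FIFO or tty;
       O_NOCTTY keeps a tty from becoming our controlling terminal. */
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);
    if (fd < 0)
        return LOAD_OPEN_FAILED;

    /* Check the open descriptor, not the path, so the file cannot be swapped. */
    struct stat st;
    if (fstat(fd, &st) != 0) { close(fd); return LOAD_OPEN_FAILED; }
    if (!S_ISREG(st.st_mode)) { close(fd); return LOAD_NOT_REGULAR; }

    /* st_size can change while we read, so count bytes as they arrive. */
    char *buf = malloc(cap + 1);
    if (buf == NULL) { close(fd); return LOAD_READ_ERROR; }
    size_t len = 0;
    for (;;) {
        ssize_t n = read(fd, buf + len, cap + 1 - len);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) { free(buf); close(fd); return LOAD_READ_ERROR; }
        if (n == 0) break;                      /* end of file */
        len += (size_t)n;
        if (len > cap) { free(buf); close(fd); return LOAD_TOO_LARGE; }
    }
    close(fd);
    *out = buf;
    *out_len = len;
    return LOAD_OK;
}
```

Counting bytes as they arrive, rather than trusting a declared length, is also what bounds a network response that never ends.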

