On Mon, Aug 19, 2002 at 07:27:41PM -0700, Bela Lubkin wrote: > If there's no user exposure, I don't see why this is any sort of > security alert at all. If it causes a security problem for servers, > those servers are still at risk -- people just have to use > _any other program that does socket I/O_ (including an unpatched Lynx) > to attack those servers.
Read the second paragraph of Technical Details again. It allows people to break out of restrictions, which is what security holes are all about. telnet and netcat don't handle URL's. Lynx does. // Ulf ; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to [EMAIL PROTECTED]
