From owner-doc-jp@jp.freebsd.org  Thu Mar 23 13:50:40 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id NAA92544;
	Thu, 23 Mar 2000 13:50:40 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from sv01.geocities.co.jp (sv01.geocities.co.jp [210.153.89.155])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id NAA92539
	for <doc-jp@jp.freebsd.org>; Thu, 23 Mar 2000 13:50:39 +0900 (JST)
	(envelope-from hrs@geocities.co.jp)
Received: from mail.geocities.co.jp (mail.geocities.co.jp [210.153.89.137]) by sv01.geocities.co.jp (8.9.3+3.2W/3.7W) with ESMTP id NAA02867 for <doc-jp@jp.freebsd.org>; Thu, 23 Mar 2000 13:50:39 +0900 (JST)
Received: from mail.hrs.jp (sutnmax1-ppp37.ed.noda.sut.ac.jp [133.31.173.47]) by mail.geocities.co.jp (1.3G-GeocitiesJ-3.3) with ESMTP id NAA19671 for <doc-jp@jp.freebsd.org>; Thu, 23 Mar 2000 13:50:34 +0900 (JST)
Message-Id: <200003230450.NAA19671@mail.geocities.co.jp>
Received: from localhost (alph.hrs.jp [192.168.0.10])
	by mail.hrs.jp (8.9.3/3.7W/DomainMaster) with ESMTP id LAA55836
	for <doc-jp@jp.freebsd.org>; Thu, 23 Mar 2000 11:27:52 +0900 (JST)
	(envelope-from hrs@hrs.jp)
To: doc-jp@jp.freebsd.org
In-Reply-To: <20000315173443.F231737BA56@hub.freebsd.org>
References: <20000315173443.F231737BA56@hub.freebsd.org>
X-Mailer: Mew version 1.94 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Date: Thu, 23 Mar 2000 11:27:51 +0900
From: Hiroki Sato <hrs@geocities.co.jp>
X-Dispatcher: imput version 990905(IM130)
Lines: 141
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: doc-jp 7193
Subject: [doc-jp 7193] Re: ANNOUNCE: FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: hrs@geocities.co.jp

$B:4F#!wEl5~M}2JBg3X$G$9!#(B

 SA-00:08.lynx $B$NF|K\8lLu$G$9!#(B

--
| $B:4F#(B $B9-@8!wEl5~M}2JBg3X(B <hrs@geocities.co.jp>
|
|                                  j7397067@ed.noda.sut.ac.jp(univ)
|                        hrs@jp.FreeBSD.org(FreeBSD doc-jp Project)

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx
  From: FreeBSD Security Officer <security-officer@freebsd.org>
  Date: Wed, 15 Mar 2000 09:34:43 -0800 (PST)
  Message-Id: <20000315173443.F231737BA56@hub.freebsd.org>
  X-Sequence: announce-jp 399

 $B$rF|K\8lLu$7$?$b$N$G$9(B. 

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B$N%A%'%C%/$r(B
 $B9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B(doc-jp)$B$,(B
 $B;29M$N$?$a$KDs6!$9$k$b$N$G(B, $BK]Lu<T$*$h$S(B doc-jp $B$O(B $B$=$NFbMF$K$D$$$F(B
 $B$$$+$J$kJ]>Z$b$$$?$7$^$;$s(B. $BF|K\8lLu$K$D$$$F$N$*Ld$$9g$o$;$O(B,
 doc-jp@jp.freebsd.org $B$^$G$*4j$$$7$^$9(B.

--($B$3$3$+$i(B)

=============================================================================
FreeBSD-SA-00:08                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	Lynx ports contain numerous buffer overflows

$BJ,N`(B:           ports
$B%b%8%e!<%k(B      lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current
$B9pCNF|(B:         2000-03-15
$B1F6AHO0O(B:       $B=$@5F|0JA0$N(B Ports collection
$B=$@5F|(B:         $BK\J8$r;2>H(B
FreeBSD $B$K8GM-$+(B:   NO

I.   $BGX7J(B - Background

Lynx is a popular text-mode WWW browser, available in several versions
including SSL support and Japanese language localization.

lynx $B$OM-L>$J%F%-%9%H%b!<%I(B WWW $B%V%i%&%6$G!"(BSSL $B%5%]!<%H$NDI2C$d(B
$BF|K\8l2=$5$l$?$b$N$J$I!"$$$/$D$+$N%P!<%8%g%s$,$"$j$^$9!#(B

II.  $BLdBj$N>\:Y(B - Problem Description

The lynx software is written in a very insecure style and contains numerous
potential and several proven security vulnerabilities (publicized on the
BugTraq mailing list) exploitable by a malicious server.

lynx $B$O!"%;%-%e%j%F%#$r$[$H$s$I9MN8$7$J$$%9%?%$%k$G=q$+$l$F$$$k$?$a!"(B
$B@x:_E*$J%;%-%e%j%F%#>e$N<eE@$r?tB?$/4^$s$G$$$^$9!#$^$?!"(B
(BugTraq $B%a!<%j%s%0%j%9%H$G8x3+$5$l$?(B)$B$=$N$&$A$N$$$/$D$+$O!"(B
$B0-0U$N$"$k%5!<%P$+$i(B exploit $B2DG=$G$"$k$3$H$,3N$+$a$i$l$F$$$^$9!#(B

The lynx ports are not installed by default, nor are they "part of FreeBSD"
as such: they are part of the FreeBSD ports collection, which contains over
3100 third-party applications in a ready-to-install format.

lynx $B$N(B port $B$O!"%G%U%)%k%H$G%$%s%9%H!<%k$5$l$k$b$N$G$O$J$/!"(B
FreeBSD $B%7%9%F%`$N0lIt$r9=@.$9$k$b$N$G$b$"$j$^$;$s!#(B
$B$=$l$i$O!"(B3100 $B$rD6$($k%5!<%I%Q!<%F%#@=$N%"%W%j%1!<%7%g%s$,(B
$B$9$0$K%$%s%9%H!<%k$G$-$k7A$G<}$a$i$l$F$$$k(B
FreeBSD Ports Collection $B$N0lIt$G$9!#(B

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit
of the most security-critical ports.

FreeBSD $B$G$O(B, $B$3$N$h$&$J%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#(B
$BLdBj$KBP$7$F(B, $BFC$K2?$+$r<gD%$9$k$3$H$O$"$j$^$;$s(B($BLuCm(B: Ports Collection $B$K(B
$BF~$C$F$$$k$+$i$H$$$C$F(B, FreeBSD $B$N3+H/<T$?$A$,$=$N%"%W%j%1!<%7%g%s$,(B
$B0BA4$G$"$k$HI>2A$7$?$o$1$G$O$"$j$^$;$s(B). $B$?$@$7(B, $B%;%-%e%j%F%#LdBj$K(B
$BBP$7$FBg$-$J1F6A$r;}$D$h$&$J(B ports $B$KBP$9$k%;%-%e%j%F%#4F::$rDs6!$9$Y$/(B,
$B8=:_EXNOCf$G$9(B. 

III. $B1F6AHO0O(B - Impact

A malicious server which is visited by a user with the lynx browser can
exploit the browser security holes in order to execute arbitrary code as
the local user.

$B%f!<%6$,(B lynx $B%V%i%&%6$r;H$C$F0-0U$N$"$k%5!<%P$K%"%/%;%9$7$?>l9g!"(B
$B$=$N%5!<%P$O%V%i%&%6$N%;%-%e%j%F%#%[!<%k$r(B exploit $B$7$F!"(B
$B%"%/%;%9$7$?%m!<%+%k%f!<%6$N8"8B$GG$0U$N%3!<%I$r<B9T$9$k$3$H$,2DG=$G$9!#(B

If you have not chosen to install any of the
lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current ports/packages, then
your system is not vulnerable.

lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current $B$N(B port $B$b$7$/$O(B package $B$r(B
$B0l$D$b%$%s%9%H!<%k$7$F$$$J$1$l$P!"%7%9%F%`$K%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s!#(B

IV.  $BBP1~:v(B - Workaround

Remove the lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current ports, if you
you have installed them.

lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current $B$N(B port $B$,(B
$B%$%s%9%H!<%k$5$l$F$$$k>l9g$K$O!"$=$l$i$r:o=|$7$F2<$5$$!#(B

V.   $B=$@5=hCV(B - Solution

Unfortunately, there is no simple fix to the security problems with the
lynx code: it will require a full review by the lynx development team and
recoding of the affected sections with a more security-conscious attitude.

$BET9g$N0-$$$3$H$K!"$3$N(B lynx $B%3!<%I$KB8:_$9$k%;%-%e%j%F%#>e$NLdBjE@$r(B
$B4JC1$K=$@5$9$kJ}K!$O$"$j$^$;$s!#$=$l$K$O!"(Blynx $B3+H/%A!<%`$K$h$k40A4$J8!>Z$H!"(B
$B$h$j%;%-%e%j%F%#$r9MN8$7$?7A$G$N!"1F6A$9$kItJ,$N:F%3!<%G%#%s%0$rI,MW$H$7$^$9!#(B

In the meantime, there are two other text-mode WWW browsers available in
FreeBSD ports: www/w3m (also available in www/w3m-ssl for an SSL-enabled
version, and japanese/w3m for Japanese-localization) and www/links.

$B$=$l$^$GMxMQ$G$-$k$b$N$H$7$F!"(BFreeBSD Ports Collection $B$K$O(B
$BJL$NFs$D$N%F%-%9%H%b!<%I(B WWW $B%V%i%&%6$,4^$^$l$F$$$^$9!#$=$l$O(B
www/w3m(SSL $B$r%5%]!<%H$9$k(B www/w3m-ssl $B$H(B $BF|K\8lHG$N(B japanese/w3m $B$b$"$j$^$9(B)
$B$H(B www/links $B$G$9!#(B

Note that the FreeBSD Security Officer does not make any recommendation
about the security of these two browsers - in particular, they both appear
to contain potential security risks, and a full audit has not been
performed, but at present no proven security holes are known. User beware -
please watch for future security advisories which will publicize any such
vulnerabilities discovered in these ports.

$B$?$@$7!"(BFreeBSD Security Officer $B$H$7$F!"$3$l$iFs$D$N%V%i%&%6$r(B
$B%;%-%e%j%F%#$N8+CO$+$i?d>)$7$F$$$k$H$$$&$o$1$G$O$"$j$^$;$s$N$G$4Cm0U2<$5$$!#(B
$B$3$l$i$OFs$D$H$b@x:_E*$J%;%-%e%j%F%#%j%9%/$r4^$s$G$$$k$H;W$o$l$^$9$,!"(B
$B40A4$JD4::$,9T$J$o$l$F$$$J$$$?$a!"8!>Z2DG=$J%;%-%e%j%F%#%[!<%k$O8=;~E@$G(B
$BCN$i$l$F$$$^$;$s!#MxMQ$5$l$k>l9g$K$O!"$3$l$iFs$D$N(B port $B$N(B
$B%;%-%e%j%F%#>e$N<eE@$K4X$9$k:#8e$N4+9p$KCm0U$9$k$h$&$K$*4j$$$7$^$9!#(B
