[VIM] CRLF or LFCR vulnerability in Lyris? (fwd)
Steven M. Christey
coley at linus.mitre.org
Sat Dec 10 02:58:45 EST 2005
---------- Forwarded message ----------
Date: Sat, 10 Dec 2005 02:26:08 -0500 (EST)
From: Steven M. Christey <coley at mitre.org>
To: hdm at metasploit.com
Cc: coley at mitre.org
Subject: CRLF or LFCR vulnerability in Lyris?
H D,
Regarding the "%0A%0D" sequence issue in Lyris, is this some sort of
byte-ordering thing and you're really talking about a CRLF problem, or
is there genuinely something weird going on and you're sending a
"LFCR" sequence? This might matter because I haven't heard of LFCR
problems before, but it's conceivable that some applications might be
vulnerable to this variant if they do not perform cleansing and
canonicalization in the proper order.
Thanks,
- Steve
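
The ordering concern raised in the message, as an added example that is not part of the original e-mail and does not model Lyris itself: three hypothetical filters for a single-line field are run over constructed percent-encoded samples, showing that cleansing before decoding misses both sequences and that a filter matching only the exact CR LF pair misses LFCR. All function names and sample values are assumptions made for illustration.

```python
from urllib.parse import unquote

# Constructed sample values; "%0A%0D" is the sequence quoted in the message.
SAMPLES = {
    "CRLF": "value%0D%0Anext",
    "LFCR": "value%0A%0Dnext",
    "plain": "value",
}

def cleanse_then_decode(raw):
    # Wrong order: the filter runs on the encoded form, where "%0D%0A"
    # is ordinary text, and the decoding step happens afterwards.
    return unquote(raw.replace("\r\n", ""))

def decode_then_strip_pair(raw):
    # Right order, but the filter only recognises the exact CR LF pair.
    return unquote(raw).replace("\r\n", "")

def decode_then_reject(raw):
    # Canonicalize first, then refuse any CR or LF, alone or in either order.
    value = unquote(raw)
    if "\r" in value or "\n" in value:
        raise ValueError("line break in single-line field")
    return value

def has_line_break(text):
    return "\r" in text or "\n" in text

def audit():
    """Return {(filter_name, sample_name): outcome} for every combination."""
    results = {}
    for f in (cleanse_then_decode, decode_then_strip_pair, decode_then_reject):
        for name, raw in SAMPLES.items():
            try:
                out = f(raw)
                outcome = "line break kept" if has_line_break(out) else "clean"
            except ValueError:
                outcome = "rejected"
            results[(f.__name__, name)] = outcome
    return results

if __name__ == "__main__":
    for key, outcome in audit().items():
        print(key, outcome)
```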