COMMAND
	lynx CRLF injection vulnerability
SYSTEMS AFFECTED
	?
PROBLEM
	A vulnerability was discovered in lynx, a  text-mode  web  browser.  The
	From Mandrake Linux Security Update Advisory [MDKSA-2003:023]
	HTTP queries that lynx constructs are  from  arguments  on  the  command
	line or the $WWW_HOME environment variable, but lynx does  not  properly
	sanitize special characters  such  as  carriage  returns  or  linefeeds.
	Extra headers can be inserted into the request because  of  this,  which
	can cause scripts that use lynx to fetch data from the wrong  site  from
	servers that use virtual hosting.
	References:
	
	  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1405
	
SOLUTION
	Updates available, check your distro