[VIM] CRLF or LFCR vulnerability in Lyris? (fwd)

Steven M. Christey coley at linus.mitre.org
Sat Dec 10 02:58:45 EST 2005

---------- Forwarded message ----------
Date: Sat, 10 Dec 2005 02:26:08 -0500 (EST)
From: Steven M. Christey <coley at mitre.org>
To: hdm at metasploit.com
Cc: coley at mitre.org
Subject: CRLF or LFCR vulnerability in Lyris?

H D,

Regarding the "%0A%0D" sequence issue in Lyris, is this some sort of
byte-ordering thing and you're really talking about a CRLF problem, or
is there genuinely something weird going on and you're sending a
"LFCR" sequence?  This might matter because I haven't heard of LFCR
problems before, but it's conceivable that some applications might be
vulnerable to this variant if they do not performing cleansing and
canonicalization in the proper order.

- Steve

More information about the VIM mailing list