CentOS Local Security Checks : CentOS Update for elinks CESA-2013:0250 centos6

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.881600

Kategorie: CentOS Local Security Checks

Titel: CentOS Update for elinks CESA-2013:0250 centos6

Zusammenfassung: The remote host is missing an update for the 'elinks'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'elinks'
package(s) announced via the referenced advisory.

Vulnerability Insight:
ELinks is a text-based web browser. ELinks does not display any images, but
it does support frames, tables, and most other HTML tags.

It was found that ELinks performed client credentials delegation during the
client-to-server GSS security mechanisms negotiation. A rogue server could
use this flaw to obtain the client's credentials and impersonate that
client to other servers that are using GSSAPI. (CVE-2012-4545)

This issue was discovered by Marko Myllynen of Red Hat.

All ELinks users are advised to upgrade to this updated package, which
contains a backported patch to resolve the issue.

Affected Software/OS:
elinks on CentOS 6

Solution:
Please install the updated packages.

CVSS Score:
5.1

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-4545
51569
http://secunia.com/advisories/51569
57065
http://www.securityfocus.com/bid/57065
DSA-2592
http://www.debian.org/security/2012/dsa-2592
MDVSA-2013:075
http://www.mandriva.com/security/advisories?name=MDVSA-2013:075
RHSA-2013:0250
http://rhn.redhat.com/errata/RHSA-2013-0250.html
elinks-httpnegotiate-security-bypass(80882)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80882
http://bugzilla.elinks.cz/show_bug.cgi?id=1124
http://repo.or.cz/w/elinks.git/blobdiff/89056e21fc7ab8e1c2d4e06ec9d0c6d01e70669a..da18694ff7dd0b67dfcb3c417fb0579b1e7d02d7:/src/protocol/http/http_negotiate.c

Copyright Copyright (C) 2013 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.881600
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for elinks CESA-2013:0250 centos6
Zusammenfassung:	The remote host is missing an update for the 'elinks'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'elinks' package(s) announced via the referenced advisory. Vulnerability Insight: ELinks is a text-based web browser. ELinks does not display any images, but it does support frames, tables, and most other HTML tags. It was found that ELinks performed client credentials delegation during the client-to-server GSS security mechanisms negotiation. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. (CVE-2012-4545) This issue was discovered by Marko Myllynen of Red Hat. All ELinks users are advised to upgrade to this updated package, which contains a backported patch to resolve the issue. Affected Software/OS: elinks on CentOS 6 Solution: Please install the updated packages. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4545 51569 http://secunia.com/advisories/51569 57065 http://www.securityfocus.com/bid/57065 DSA-2592 http://www.debian.org/security/2012/dsa-2592 MDVSA-2013:075 http://www.mandriva.com/security/advisories?name=MDVSA-2013:075 RHSA-2013:0250 http://rhn.redhat.com/errata/RHSA-2013-0250.html elinks-httpnegotiate-security-bypass(80882) https://exchange.xforce.ibmcloud.com/vulnerabilities/80882 http://bugzilla.elinks.cz/show_bug.cgi?id=1124 http://repo.or.cz/w/elinks.git/blobdiff/89056e21fc7ab8e1c2d4e06ec9d0c6d01e70669a..da18694ff7dd0b67dfcb3c417fb0579b1e7d02d7:/src/protocol/http/http_negotiate.c
Copyright	Copyright (C) 2013 Greenbone AG