CentOS Local Security Checks : CentOS Update for elinks CESA-2013:0250 centos5

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.881599

Categoría: CentOS Local Security Checks

Título: CentOS Update for elinks CESA-2013:0250 centos5

Resumen: The remote host is missing an update for the 'elinks'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'elinks'
package(s) announced via the referenced advisory.

Vulnerability Insight:
ELinks is a text-based web browser. ELinks does not display any images, but
it does support frames, tables, and most other HTML tags.

It was found that ELinks performed client credentials delegation during the
client-to-server GSS security mechanisms negotiation. A rogue server could
use this flaw to obtain the client's credentials and impersonate that
client to other servers that are using GSSAPI. (CVE-2012-4545)

This issue was discovered by Marko Myllynen of Red Hat.

All ELinks users are advised to upgrade to this updated package, which
contains a backported patch to resolve the issue.

Affected Software/OS:
elinks on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
5.1

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-4545
51569
http://secunia.com/advisories/51569
57065
http://www.securityfocus.com/bid/57065
DSA-2592
http://www.debian.org/security/2012/dsa-2592
MDVSA-2013:075
http://www.mandriva.com/security/advisories?name=MDVSA-2013:075
RHSA-2013:0250
http://rhn.redhat.com/errata/RHSA-2013-0250.html
elinks-httpnegotiate-security-bypass(80882)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80882
http://bugzilla.elinks.cz/show_bug.cgi?id=1124
http://repo.or.cz/w/elinks.git/blobdiff/89056e21fc7ab8e1c2d4e06ec9d0c6d01e70669a..da18694ff7dd0b67dfcb3c417fb0579b1e7d02d7:/src/protocol/http/http_negotiate.c

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.881599
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for elinks CESA-2013:0250 centos5
Resumen:	The remote host is missing an update for the 'elinks'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'elinks' package(s) announced via the referenced advisory. Vulnerability Insight: ELinks is a text-based web browser. ELinks does not display any images, but it does support frames, tables, and most other HTML tags. It was found that ELinks performed client credentials delegation during the client-to-server GSS security mechanisms negotiation. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. (CVE-2012-4545) This issue was discovered by Marko Myllynen of Red Hat. All ELinks users are advised to upgrade to this updated package, which contains a backported patch to resolve the issue. Affected Software/OS: elinks on CentOS 5 Solution: Please install the updated packages. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4545 51569 http://secunia.com/advisories/51569 57065 http://www.securityfocus.com/bid/57065 DSA-2592 http://www.debian.org/security/2012/dsa-2592 MDVSA-2013:075 http://www.mandriva.com/security/advisories?name=MDVSA-2013:075 RHSA-2013:0250 http://rhn.redhat.com/errata/RHSA-2013-0250.html elinks-httpnegotiate-security-bypass(80882) https://exchange.xforce.ibmcloud.com/vulnerabilities/80882 http://bugzilla.elinks.cz/show_bug.cgi?id=1124 http://repo.or.cz/w/elinks.git/blobdiff/89056e21fc7ab8e1c2d4e06ec9d0c6d01e70669a..da18694ff7dd0b67dfcb3c417fb0579b1e7d02d7:/src/protocol/http/http_negotiate.c
Copyright	Copyright (C) 2013 Greenbone AG