CVE-2012-4545

Related Files

Mandriva Linux Security Advisory 2013-075

Posted Apr 9, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-075 - Marko Myllynen discovered that ELinks, a powerful text-mode browser, incorrectly delegates user credentials during GSS-Negotiate.

tags | advisory

systems | linux, mandriva

advisories | CVE-2012-4545

SHA-256 | 251604e47df85aba6acfbb679183dc7020c10e60894c9a7c2be99263bbba5f1d

Download | Favorite | View

Red Hat Security Advisory 2013-0250-01

Posted Feb 11, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0250-01 - ELinks is a text-based web browser. ELinks does not display any images, but it does support frames, tables, and most other HTML tags. It was found that ELinks performed client credentials delegation during the client-to-server GSS security mechanisms negotiation. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. This issue was discovered by Marko Myllynen of Red Hat. All ELinks users are advised to upgrade to this updated package, which contains a backported patch to resolve the issue.

tags | advisory, web

systems | linux, redhat

advisories | CVE-2012-4545

SHA-256 | 0c1ca928ab4078246f51993091cfb756bb07c01c97598bcc98f62b3721f74e77

Download | Favorite | View

Debian Security Advisory 2592-1

Posted Dec 29, 2012

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2592-1 - Marko Myllynen discovered that elinks, a powerful text-mode browser, incorrectly delegates user credentials during GSS-Negotiate.

tags | advisory

systems | linux, debian

advisories | CVE-2012-4545

SHA-256 | 149c360062a76e5cec29b9d5823b3e815bd95780d8d20666f866ebe907200af3

Download | Favorite | View