Detections
Analytics
CentOS 5 / 6 : elinks (CESA-2013:0250)
medium Nessus Plugin ID 64562
Language:
Synopsis
The remote CentOS host is missing a security update.Description
An updated elinks package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6.The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
ELinks is a text-based web browser. ELinks does not display any images, but it does support frames, tables, and most other HTML tags.
It was found that ELinks performed client credentials delegation during the client-to-server GSS security mechanisms negotiation. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI.
(CVE-2012-4545)
This issue was discovered by Marko Myllynen of Red Hat.
All ELinks users are advised to upgrade to this updated package, which contains a backported patch to resolve the issue.
Solution
Update the affected elinks package.See Also
Plugin Details
Severity: Medium
ID: 64562
File Name: centos_RHSA-2013-0250.nasl
Version: 1.9
Type: local
Agent: unix
Family: CentOS Local Security Checks
Published: 2/12/2013
Updated: 1/4/2021
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 5.1
Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2012-4545
Vulnerability Information
CPE: cpe:/o:centos:centos:6, cpe:/o:centos:centos:5, p-cpe:/a:centos:centos:elinks
Required KB Items: Host/local_checks_enabled, Host/CentOS/release, Host/CentOS/rpm-list
Patch Publication Date: 2/11/2013
Vulnerability Publication Date: 1/3/2013
Reference Information
CVE: CVE-2012-4545
RHSA: 2013:0250