ID: FEDORA:C60D321045
Type: fedora
Reporter: Fedora
Modified: 2013-01-14T04:05:30
Description
Elinks is a text-based Web browser. Elinks does not display any images, but it does support frames, tables and most other HTML tags. Elinks' advantage over graphical browsers is its speed--Elinks starts and exits quickly and swiftly displays Web pages.
{"id": "FEDORA:C60D321045", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 18 Update: elinks-0.12-0.32.pre5.fc18", "description": "Elinks is a text-based Web browser. Elinks does not display any images, but it does support frames, tables and most other HTML tags. Elinks' advantage over graphical browsers is its speed--Elinks starts and exits quickly and swiftly displays Web pages. ", "published": "2013-01-14T04:05:30", "modified": "2013-01-14T04:05:30", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2012-4545"], "lastseen": "2020-12-21T08:17:51", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-4545"]}, {"type": "openvas", "idList": ["OPENVAS:866979", "OPENVAS:1361412562310864996", "OPENVAS:881599", "OPENVAS:1361412562310881600", "OPENVAS:864996", "OPENVAS:1361412562310881599", "OPENVAS:881600", "OPENVAS:1361412562310865122", "OPENVAS:1361412562310870907", "OPENVAS:870907"]}, {"type": "centos", "idList": ["CESA-2013:0250"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12796", "SECURITYVULNS:DOC:28901"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2592-1:7FEFB"]}, {"type": "nessus", "idList": ["SL_20130211_ELINKS_ON_SL5_X.NASL", "FEDORA_2013-0265.NASL", "ORACLELINUX_ELSA-2013-0250.NASL", "MANDRIVA_MDVSA-2013-075.NASL", "DEBIAN_DSA-2592.NASL", "FEDORA_2013-0207.NASL", "CENTOS_RHSA-2013-0250.NASL", "REDHAT-RHSA-2013-0250.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-0250"]}, {"type": "redhat", "idList": ["RHSA-2013:0250"]}, {"type": "fedora", "idList": ["FEDORA:5370C21CE4", "FEDORA:500A021230", "FEDORA:9A8F0217F1"]}], "modified": "2020-12-21T08:17:51", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2020-12-21T08:17:51", "rev": 2}, "vulnersScore": 5.4}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "18", "arch": "any", "packageName": "elinks", "packageVersion": 
"0.12", "packageFilename": "UNKNOWN", "operator": "lt"}]}
{"cve": [{"lastseen": "2020-10-03T12:06:09", "description": "The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials.", "edition": 3, "cvss3": {}, "published": "2013-01-03T01:55:00", "title": "CVE-2012-4545", "type": "cve", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4545"], "modified": "2017-08-29T01:32:00", "cpe": ["cpe:/a:elinks:elinks:0.12"], "id": "CVE-2012-4545", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4545", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:elinks:elinks:0.12:pre3:*:*:*:*:*:*", "cpe:2.3:a:elinks:elinks:0.12:pre5:*:*:*:*:*:*", "cpe:2.3:a:elinks:elinks:0.12:pre1:*:*:*:*:*:*", "cpe:2.3:a:elinks:elinks:0.12:pre2:*:*:*:*:*:*", "cpe:2.3:a:elinks:elinks:0.12:pre4:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:38:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4545"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-01-21T00:00:00", "id": "OPENVAS:1361412562310865122", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865122", "type": "openvas", "title": "Fedora Update for elinks FEDORA-2013-0207", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for elinks FEDORA-2013-0207\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_tag(name:\"affected\", value:\"elinks on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096659.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865122\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:30:34 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2012-4545\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-0207\");\n script_name(\"Fedora Update for elinks 
FEDORA-2013-0207\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'elinks'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"elinks\", rpm:\"elinks~0.12~0.32.pre5.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4545"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2013-02-15T00:00:00", "id": "OPENVAS:1361412562310870907", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870907", "type": "openvas", "title": "RedHat Update for elinks RHSA-2013:0250-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for elinks RHSA-2013:0250-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-February/msg00018.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870907\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 11:15:17 +0530 (Fri, 15 Feb 2013)\");\n script_cve_id(\"CVE-2012-4545\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2013:0250-01\");\n script_name(\"RedHat Update for elinks RHSA-2013:0250-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'elinks'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(6|5)\");\n script_tag(name:\"affected\", value:\"elinks on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"ELinks is a text-based web browser. 
ELinks does not display any images, but\n it does support frames, tables, and most other HTML tags.\n\n It was found that ELinks performed client credentials delegation during the\n client-to-server GSS security mechanisms negotiation. A rogue server could\n use this flaw to obtain the client's credentials and impersonate that\n client to other servers that are using GSSAPI. (CVE-2012-4545)\n\n This issue was discovered by Marko Myllynen of Red Hat.\n\n All ELinks users are advised to upgrade to this updated package, which\n contains a backported patch to resolve the issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"elinks\", rpm:\"elinks~0.12~0.21.pre5.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"elinks-debuginfo\", rpm:\"elinks-debuginfo~0.12~0.21.pre5.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"elinks\", rpm:\"elinks~0.11.1~8.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"elinks-debuginfo\", rpm:\"elinks-debuginfo~0.11.1~8.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4545"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-02-15T00:00:00", "id": "OPENVAS:1361412562310881600", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310881600", "type": "openvas", "title": "CentOS Update for elinks CESA-2013:0250 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for elinks CESA-2013:0250 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-February/019236.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881600\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 11:15:37 +0530 (Fri, 15 Feb 2013)\");\n script_cve_id(\"CVE-2012-4545\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2013:0250\");\n script_name(\"CentOS Update for elinks CESA-2013:0250 centos6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for 
the 'elinks'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n script_tag(name:\"affected\", value:\"elinks on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"ELinks is a text-based web browser. ELinks does not display any images, but\n it does support frames, tables, and most other HTML tags.\n\n It was found that ELinks performed client credentials delegation during the\n client-to-server GSS security mechanisms negotiation. A rogue server could\n use this flaw to obtain the client's credentials and impersonate that\n client to other servers that are using GSSAPI. (CVE-2012-4545)\n\n This issue was discovered by Marko Myllynen of Red Hat.\n\n All ELinks users are advised to upgrade to this updated package, which\n contains a backported patch to resolve the issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"elinks\", rpm:\"elinks~0.12~0.21.pre5.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4545"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-01-15T00:00:00", "id": 
"OPENVAS:1361412562310864996", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864996", "type": "openvas", "title": "Fedora Update for elinks FEDORA-2013-0265", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for elinks FEDORA-2013-0265\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096727.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864996\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-15 18:06:09 +0530 (Tue, 15 Jan 2013)\");\n script_cve_id(\"CVE-2012-4545\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2013-0265\");\n script_name(\"Fedora Update for elinks FEDORA-2013-0265\");\n script_tag(name:\"summary\", value:\"The remote 
host is missing an update for the 'elinks'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"elinks on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"elinks\", rpm:\"elinks~0.12~0.29.pre5.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-27T10:51:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4545"], "description": "Check for the Version of elinks", "modified": "2017-07-12T00:00:00", "published": "2013-02-15T00:00:00", "id": "OPENVAS:870907", "href": "http://plugins.openvas.org/nasl.php?oid=870907", "type": "openvas", "title": "RedHat Update for elinks RHSA-2013:0250-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for elinks RHSA-2013:0250-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software 
Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ELinks is a text-based web browser. ELinks does not display any images, but\n it does support frames, tables, and most other HTML tags.\n\n It was found that ELinks performed client credentials delegation during the\n client-to-server GSS security mechanisms negotiation. A rogue server could\n use this flaw to obtain the client's credentials and impersonate that\n client to other servers that are using GSSAPI. (CVE-2012-4545)\n\n This issue was discovered by Marko Myllynen of Red Hat.\n\n All ELinks users are advised to upgrade to this updated package, which\n contains a backported patch to resolve the issue.\";\n\n\ntag_affected = \"elinks on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 
6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-February/msg00018.html\");\n script_id(870907);\n script_version(\"$Revision: 6687 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:46:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 11:15:17 +0530 (Fri, 15 Feb 2013)\");\n script_cve_id(\"CVE-2012-4545\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2013:0250-01\");\n script_name(\"RedHat Update for elinks RHSA-2013:0250-01\");\n\n script_summary(\"Check for the Version of elinks\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"elinks\", rpm:\"elinks~0.12~0.21.pre5.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"elinks-debuginfo\", rpm:\"elinks-debuginfo~0.12~0.21.pre5.el6_3\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"elinks\", rpm:\"elinks~0.11.1~8.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"elinks-debuginfo\", rpm:\"elinks-debuginfo~0.11.1~8.el5_9\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:51:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4545"], "description": "Marko Myllynen discovered that ELinks, a powerful text-mode browser,\nincorrectly delegates user credentials during GSS-Negotiate.", "modified": "2017-07-07T00:00:00", "published": "2013-09-18T00:00:00", "id": "OPENVAS:892592", "href": "http://plugins.openvas.org/nasl.php?oid=892592", "type": "openvas", "title": "Debian Security Advisory DSA 2592-1 (elinks - programming error)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2592_1.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2592-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"elinks on Debian Linux\";\ntag_insight = \"ELinks is a feature-rich program for browsing the web in text mode. It is\nlike enhanced Lynx and Links. The most noteworthy features of ELinks are:\";\ntag_solution = \"For the stable distribution (squeeze), this problem has been fixed in\nversion 0.12~pre5-2+squeeze1. Since the initial Squeeze release,\nXULRunner needed to be updated and the version currently in the archive\nis incompatible with ELinks. As such, JavaScript support needed to be\ndisabled (only a small subset of typical functionality was supported\nanyway). It will likely be re-enabled in a later point update.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 0.12~pre5-9.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.12~pre5-9.\n\nWe recommend that you upgrade your elinks packages.\";\ntag_summary = \"Marko Myllynen discovered that ELinks, a powerful text-mode browser,\nincorrectly delegates user credentials during GSS-Negotiate.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892592);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2012-4545\");\n script_name(\"Debian Security Advisory DSA 2592-1 (elinks - programming error)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-09-18 11:53:02 +0200 (Wed, 18 Sep 2013)\");\n script_tag(name: \"cvss_base\", value:\"5.1\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n 
script_xref(name: \"URL\", value: \"http://www.debian.org/security/2012/dsa-2592.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"elinks\", ver:\"0.12~pre5-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"elinks-data\", ver:\"0.12~pre5-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"elinks-doc\", ver:\"0.12~pre5-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"elinks-lite\", ver:\"0.12~pre5-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"elinks\", ver:\"0.12~pre5-9\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"elinks-data\", ver:\"0.12~pre5-9\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"elinks-doc\", ver:\"0.12~pre5-9\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"elinks-lite\", ver:\"0.12~pre5-9\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, 
"vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:52:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4545"], "description": "Check for the Version of elinks", "modified": "2017-07-10T00:00:00", "published": "2013-02-15T00:00:00", "id": "OPENVAS:881600", "href": "http://plugins.openvas.org/nasl.php?oid=881600", "type": "openvas", "title": "CentOS Update for elinks CESA-2013:0250 centos6 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for elinks CESA-2013:0250 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ELinks is a text-based web browser. ELinks does not display any images, but\n it does support frames, tables, and most other HTML tags.\n\n It was found that ELinks performed client credentials delegation during the\n client-to-server GSS security mechanisms negotiation. A rogue server could\n use this flaw to obtain the client's credentials and impersonate that\n client to other servers that are using GSSAPI. 
(CVE-2012-4545)\n \n This issue was discovered by Marko Myllynen of Red Hat.\n \n All ELinks users are advised to upgrade to this updated package, which\n contains a backported patch to resolve the issue.\";\n\n\ntag_affected = \"elinks on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-February/019236.html\");\n script_id(881600);\n script_version(\"$Revision: 6655 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:48:58 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 11:15:37 +0530 (Fri, 15 Feb 2013)\");\n script_cve_id(\"CVE-2012-4545\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2013:0250\");\n script_name(\"CentOS Update for elinks CESA-2013:0250 centos6 \");\n\n script_summary(\"Check for the Version of elinks\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"elinks\", rpm:\"elinks~0.12~0.21.pre5.el6_3\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not 
vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4545"], "description": "Oracle Linux Local Security Checks ELSA-2013-0250", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123726", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123726", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0250", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0250.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123726\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:07:43 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0250\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0250 - elinks security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0250\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0250.html\");\n script_cve_id(\"CVE-2012-4545\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(5|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"elinks\", rpm:\"elinks~0.11.1~8.el5_9\", 
rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"elinks\", rpm:\"elinks~0.12~0.21.pre5.el6_3\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:51:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4545"], "description": "Check for the Version of elinks", "modified": "2017-07-10T00:00:00", "published": "2013-02-15T00:00:00", "id": "OPENVAS:881599", "href": "http://plugins.openvas.org/nasl.php?oid=881599", "type": "openvas", "title": "CentOS Update for elinks CESA-2013:0250 centos5 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for elinks CESA-2013:0250 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ELinks is a text-based web browser. 
ELinks does not display any images, but\n it does support frames, tables, and most other HTML tags.\n\n It was found that ELinks performed client credentials delegation during the\n client-to-server GSS security mechanisms negotiation. A rogue server could\n use this flaw to obtain the client's credentials and impersonate that\n client to other servers that are using GSSAPI. (CVE-2012-4545)\n \n This issue was discovered by Marko Myllynen of Red Hat.\n \n All ELinks users are advised to upgrade to this updated package, which\n contains a backported patch to resolve the issue.\";\n\n\ntag_affected = \"elinks on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-February/019235.html\");\n script_id(881599);\n script_version(\"$Revision: 6655 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:48:58 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 11:15:33 +0530 (Fri, 15 Feb 2013)\");\n script_cve_id(\"CVE-2012-4545\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2013:0250\");\n script_name(\"CentOS Update for elinks CESA-2013:0250 centos5 \");\n\n script_summary(\"Check for the Version of elinks\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"elinks\", rpm:\"elinks~0.11.1~8.el5_9\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:08:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4545"], "description": "Check for the Version of elinks", "modified": "2018-01-17T00:00:00", "published": "2013-10-15T00:00:00", "id": "OPENVAS:866979", "href": "http://plugins.openvas.org/nasl.php?oid=866979", "type": "openvas", "title": "Fedora Update for elinks FEDORA-2013-18347", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for elinks FEDORA-2013-18347\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866979);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-15 13:00:00 +0530 (Tue, 15 Oct 2013)\");\n script_cve_id(\"CVE-2012-4545\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for elinks FEDORA-2013-18347\");\n\n tag_insight = \"Elinks is a text-based Web browser. Elinks does not display any images,\nbut it does support frames, tables and most other HTML tags. 
Elinks'\nadvantage over graphical browsers is its speed--Elinks starts and exits\nquickly and swiftly displays Web pages.\n\";\n\n tag_affected = \"elinks on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-18347\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119027.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of elinks\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"elinks\", rpm:\"elinks~0.12~0.33.pre6.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2019-12-20T18:25:25", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4545"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0250\n\n\nELinks is a text-based web browser. ELinks does not display any images, but\nit does support frames, tables, and most other HTML tags.\n\nIt was found that ELinks performed client credentials delegation during the\nclient-to-server GSS security mechanisms negotiation. 
A rogue server could\nuse this flaw to obtain the client's credentials and impersonate that\nclient to other servers that are using GSSAPI. (CVE-2012-4545)\n\nThis issue was discovered by Marko Myllynen of Red Hat.\n\nAll ELinks users are advised to upgrade to this updated package, which\ncontains a backported patch to resolve the issue.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-February/031273.html\nhttp://lists.centos.org/pipermail/centos-announce/2013-February/031274.html\n\n**Affected packages:**\nelinks\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0250.html", "edition": 3, "modified": "2013-02-11T21:46:30", "published": "2013-02-11T18:29:01", "href": "http://lists.centos.org/pipermail/centos-announce/2013-February/031273.html", "id": "CESA-2013:0250", "title": "elinks security update", "type": "centos", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:47", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4545"], "description": "[0.12-0.21.pre5]\n- do not delegate GSSAPI credentials (CVE-2012-4545)", "edition": 4, "modified": "2013-02-11T00:00:00", "published": "2013-02-11T00:00:00", "id": "ELSA-2013-0250", "href": "http://linux.oracle.com/errata/ELSA-2013-0250.html", "title": "elinks security update", "type": "oraclelinux", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:50", "bulletinFamily": "software", "cvelist": ["CVE-2012-4545"], "description": "Incorrect user credentials delegation in GSS.", "edition": 1, "modified": "2013-01-02T00:00:00", "published": "2013-01-02T00:00:00", "id": "SECURITYVULNS:VULN:12796", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12796", "title": "elinks authentication relaying", "type": "securityvulns", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, 
{"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-4545"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2592-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nDecember 28, 2012 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : elinks\r\nVulnerability : programming error\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2012-4545\r\n\r\nMarko Myllynen discovered that elinks, a powerful text-mode browser, \r\nincorrectly delegates user credentials during GSS-Negotiate.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 0.12~pre5-2+squeeze1. Since the initial Squeeze release\r\nXulrunner needed to be updated and the version currently in the archive\r\nis incompatible with Elinks. As such, Javascript support needed to be\r\ndisabled (only a small subset of typical functionality was supported\r\nanyway). 
It will likely be re-enabled in a later point update\r\n\r\nFor the testing distribution (wheezy), this problem has been fixed in\r\nversion 0.12~pre5-9.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 0.12~pre5-9.\r\n\r\nWe recommend that you upgrade your elinks packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niEYEARECAAYFAlDdEEgACgkQXm3vHE4uyloZXACg4mj3PpAsZfOX7YTOiYCfAAU5\r\n9S8AoKQNPnIs2c9vJwnhDqfPbNGqXJVg\r\n=zBUI\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2013-01-02T00:00:00", "published": "2013-01-02T00:00:00", "id": "SECURITYVULNS:DOC:28901", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28901", "title": "[SECURITY] [DSA 2592-1] elinks security update", "type": "securityvulns", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:16:20", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4545"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2592-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nDecember 28, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : elinks\nVulnerability : programming error\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-4545\n\nMarko Myllynen discovered that elinks, a powerful text-mode browser, \nincorrectly delegates user credentials during GSS-Negotiate.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.12~pre5-2+squeeze1. 
Since the initial Squeeze release\nXulrunner needed to be updated and the version currently in the archive\nis incompatible with Elinks. As such, Javascript support needed to be\ndisabled (only a small subset of typical functionality was supported\nanyway). It will likely be re-enabled in a later point update\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 0.12~pre5-9.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 0.12~pre5-9.\n\nWe recommend that you upgrade your elinks packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2012-12-28T03:37:46", "published": "2012-12-28T03:37:46", "id": "DEBIAN:DSA-2592-1:7FEFB", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00236.html", "title": "[SECURITY] [DSA 2592-1] elinks security update", "type": "debian", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-06T09:28:25", "description": "An updated elinks package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nELinks is a text-based web browser. ELinks does not display any\nimages, but it does support frames, tables, and most other HTML tags.\n\nIt was found that ELinks performed client credentials delegation\nduring the client-to-server GSS security mechanisms negotiation. 
A\nrogue server could use this flaw to obtain the client's credentials\nand impersonate that client to other servers that are using GSSAPI.\n(CVE-2012-4545)\n\nThis issue was discovered by Marko Myllynen of Red Hat.\n\nAll ELinks users are advised to upgrade to this updated package, which\ncontains a backported patch to resolve the issue.", "edition": 25, "published": "2013-02-12T00:00:00", "title": "CentOS 5 / 6 : elinks (CESA-2013:0250)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4545"], "modified": "2013-02-12T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:elinks", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2013-0250.NASL", "href": "https://www.tenable.com/plugins/nessus/64562", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0250 and \n# CentOS Errata and Security Advisory 2013:0250 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64562);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-4545\");\n script_xref(name:\"RHSA\", value:\"2013:0250\");\n\n script_name(english:\"CentOS 5 / 6 : elinks (CESA-2013:0250)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated elinks package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nELinks is a text-based web browser. ELinks does not display any\nimages, but it does support frames, tables, and most other HTML tags.\n\nIt was found that ELinks performed client credentials delegation\nduring the client-to-server GSS security mechanisms negotiation. A\nrogue server could use this flaw to obtain the client's credentials\nand impersonate that client to other servers that are using GSSAPI.\n(CVE-2012-4545)\n\nThis issue was discovered by Marko Myllynen of Red Hat.\n\nAll ELinks users are advised to upgrade to this updated package, which\ncontains a backported patch to resolve the issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-February/019235.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?866ed5ab\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-February/019236.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?459d81e0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected elinks package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-4545\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:elinks\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/12\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x / 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"elinks-0.11.1-8.el5_9\")) flag++;\n\nif (rpm_check(release:\"CentOS-6\", reference:\"elinks-0.12-0.21.pre5.el6_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"elinks\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:54:05", "description": "Updated elinks package fixes security 
vulnerability :\n\nMarko Myllynen discovered that ELinks, a powerful text-mode browser,\nincorrectly delegates user credentials during GSS-Negotiate\n(CVE-2012-4545).", "edition": 24, "published": "2013-04-20T00:00:00", "title": "Mandriva Linux Security Advisory : elinks (MDVSA-2013:075)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4545"], "modified": "2013-04-20T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:elinks"], "id": "MANDRIVA_MDVSA-2013-075.NASL", "href": "https://www.tenable.com/plugins/nessus/66089", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:075. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66089);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-4545\");\n script_bugtraq_id(57065);\n script_xref(name:\"MDVSA\", value:\"2013:075\");\n script_xref(name:\"MGASA\", value:\"2012-0373\");\n\n script_name(english:\"Mandriva Linux Security Advisory : elinks (MDVSA-2013:075)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated elinks package fixes security vulnerability :\n\nMarko Myllynen discovered that ELinks, a powerful text-mode browser,\nincorrectly delegates user credentials during GSS-Negotiate\n(CVE-2012-4545).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected elinks package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:elinks\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"elinks-0.12-2.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2021-01-12T10:10:47", "description": " - do not delegate GSSAPI credentials (CVE-2012-4545)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-01-14T00:00:00", "title": "Fedora 17 : elinks-0.12-0.29.pre5.fc17 (2013-0265)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4545"], "modified": "2013-01-14T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:elinks"], "id": "FEDORA_2013-0265.NASL", "href": "https://www.tenable.com/plugins/nessus/63516", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-0265.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63516);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-4545\");\n script_bugtraq_id(57065);\n script_xref(name:\"FEDORA\", value:\"2013-0265\");\n\n script_name(english:\"Fedora 17 : elinks-0.12-0.29.pre5.fc17 (2013-0265)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - do not delegate GSSAPI credentials (CVE-2012-4545)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=864566\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/096727.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0d62bddd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected elinks package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:elinks\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"elinks-0.12-0.29.pre5.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"elinks\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:10:47", "description": " - do not delegate GSSAPI credentials (CVE-2012-4545)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-01-14T00:00:00", "title": "Fedora 18 : elinks-0.12-0.32.pre5.fc18 (2013-0207)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4545"], "modified": "2013-01-14T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:elinks"], "id": "FEDORA_2013-0207.NASL", "href": "https://www.tenable.com/plugins/nessus/63515", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-0207.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63515);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-4545\");\n script_bugtraq_id(57065);\n script_xref(name:\"FEDORA\", value:\"2013-0207\");\n\n script_name(english:\"Fedora 18 : elinks-0.12-0.32.pre5.fc18 (2013-0207)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - do not delegate GSSAPI credentials (CVE-2012-4545)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=864566\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/096659.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c7cf6454\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected elinks package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:elinks\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"elinks-0.12-0.32.pre5.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"elinks\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T09:47:45", "description": "Marko Myllynen discovered that ELinks, a powerful text-mode browser,\nincorrectly delegates user credentials during GSS-Negotiate.", "edition": 16, "published": "2012-12-28T00:00:00", "title": "Debian DSA-2592-1 : elinks - programming error", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4545"], "modified": "2012-12-28T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:elinks"], "id": "DEBIAN_DSA-2592.NASL", "href": "https://www.tenable.com/plugins/nessus/63342", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2592. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63342);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-4545\");\n script_xref(name:\"DSA\", value:\"2592\");\n\n script_name(english:\"Debian DSA-2592-1 : elinks - programming error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Marko Myllynen discovered that ELinks, a powerful text-mode browser,\nincorrectly delegates user credentials during GSS-Negotiate.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/elinks\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2592\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the elinks packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 0.12~pre5-2+squeeze1. Since the initial Squeeze release,\nXULRunner needed to be updated and the version currently in the\narchive is incompatible with ELinks. As such, JavaScript support\nneeded to be disabled (only a small subset of typical functionality\nwas supported anyway). 
It will likely be re-enabled in a later point\nupdate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:elinks\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"elinks\", reference:\"0.12~pre5-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"elinks-data\", reference:\"0.12~pre5-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"elinks-doc\", reference:\"0.12~pre5-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"elinks-lite\", reference:\"0.12~pre5-2+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:47:24", "description": "It was 
found that ELinks performed client credentials delegation\nduring the client-to-server GSS security mechanisms negotiation. A\nrogue server could use this flaw to obtain the client's credentials\nand impersonate that client to other servers that are using GSSAPI.\n(CVE-2012-4545)", "edition": 15, "published": "2013-02-12T00:00:00", "title": "Scientific Linux Security Update : elinks on SL5.x, SL6.x i386/x86_64 (20130211)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4545"], "modified": "2013-02-12T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:elinks-debuginfo", "p-cpe:/a:fermilab:scientific_linux:elinks"], "id": "SL_20130211_ELINKS_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/64566", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64566);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-4545\");\n\n script_name(english:\"Scientific Linux Security Update : elinks on SL5.x, SL6.x i386/x86_64 (20130211)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that ELinks performed client credentials delegation\nduring the client-to-server GSS security mechanisms negotiation. 
A\nrogue server could use this flaw to obtain the client's credentials\nand impersonate that client to other servers that are using GSSAPI.\n(CVE-2012-4545)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1302&L=scientific-linux-errata&T=0&P=1906\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?82dc7e99\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected elinks and / or elinks-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:elinks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:elinks-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"elinks-0.11.1-8.el5_9\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"elinks-debuginfo-0.11.1-8.el5_9\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"elinks-0.12-0.21.pre5.el6_3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"elinks-debuginfo-0.12-0.21.pre5.el6_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"elinks / elinks-debuginfo\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2021-01-17T12:47:37", "description": "From Red Hat Security Advisory 2013:0250 :\n\nAn updated elinks package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nELinks is a text-based web browser. ELinks does not display any\nimages, but it does support frames, tables, and most other HTML tags.\n\nIt was found that ELinks performed client credentials delegation\nduring the client-to-server GSS security mechanisms negotiation. A\nrogue server could use this flaw to obtain the client's credentials\nand impersonate that client to other servers that are using GSSAPI.\n(CVE-2012-4545)\n\nThis issue was discovered by Marko Myllynen of Red Hat.\n\nAll ELinks users are advised to upgrade to this updated package, which\ncontains a backported patch to resolve the issue.", "edition": 22, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : elinks (ELSA-2013-0250)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4545"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:elinks", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2013-0250.NASL", "href": "https://www.tenable.com/plugins/nessus/68729", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0250 and \n# Oracle Linux Security Advisory ELSA-2013-0250 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68729);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n 
script_cve_id(\"CVE-2012-4545\");\n script_bugtraq_id(57065);\n script_xref(name:\"RHSA\", value:\"2013:0250\");\n\n script_name(english:\"Oracle Linux 5 / 6 : elinks (ELSA-2013-0250)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0250 :\n\nAn updated elinks package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nELinks is a text-based web browser. ELinks does not display any\nimages, but it does support frames, tables, and most other HTML tags.\n\nIt was found that ELinks performed client credentials delegation\nduring the client-to-server GSS security mechanisms negotiation. 
A\nrogue server could use this flaw to obtain the client's credentials\nand impersonate that client to other servers that are using GSSAPI.\n(CVE-2012-4545)\n\nThis issue was discovered by Marko Myllynen of Red Hat.\n\nAll ELinks users are advised to upgrade to this updated package, which\ncontains a backported patch to resolve the issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-February/003254.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-February/003255.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected elinks package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:elinks\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"elinks-0.11.1-8.el5_9\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"elinks-0.12-0.21.pre5.el6_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"elinks\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:11:59", "description": "An updated elinks package 
that fixes one security issue is now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nELinks is a text-based web browser. ELinks does not display any\nimages, but it does support frames, tables, and most other HTML tags.\n\nIt was found that ELinks performed client credentials delegation\nduring the client-to-server GSS security mechanisms negotiation. A\nrogue server could use this flaw to obtain the client's credentials\nand impersonate that client to other servers that are using GSSAPI.\n(CVE-2012-4545)\n\nThis issue was discovered by Marko Myllynen of Red Hat.\n\nAll ELinks users are advised to upgrade to this updated package, which\ncontains a backported patch to resolve the issue.", "edition": 25, "published": "2013-02-12T00:00:00", "title": "RHEL 5 / 6 : elinks (RHSA-2013:0250)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4545"], "modified": "2013-02-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6.3", "cpe:/o:redhat:enterprise_linux:5.9", "p-cpe:/a:redhat:enterprise_linux:elinks", "p-cpe:/a:redhat:enterprise_linux:elinks-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2013-0250.NASL", "href": "https://www.tenable.com/plugins/nessus/64565", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0250. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64565);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-4545\");\n script_xref(name:\"RHSA\", value:\"2013:0250\");\n\n script_name(english:\"RHEL 5 / 6 : elinks (RHSA-2013:0250)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated elinks package that fixes one security issue is now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nELinks is a text-based web browser. ELinks does not display any\nimages, but it does support frames, tables, and most other HTML tags.\n\nIt was found that ELinks performed client credentials delegation\nduring the client-to-server GSS security mechanisms negotiation. 
A\nrogue server could use this flaw to obtain the client's credentials\nand impersonate that client to other servers that are using GSSAPI.\n(CVE-2012-4545)\n\nThis issue was discovered by Marko Myllynen of Red Hat.\n\nAll ELinks users are advised to upgrade to this updated package, which\ncontains a backported patch to resolve the issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0250\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4545\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected elinks and / or elinks-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:elinks\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:elinks-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0250\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"elinks-0.11.1-8.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"elinks-0.11.1-8.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"elinks-0.11.1-8.el5_9\")) 
flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"elinks-debuginfo-0.11.1-8.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"elinks-debuginfo-0.11.1-8.el5_9\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"elinks-debuginfo-0.11.1-8.el5_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"elinks-0.12-0.21.pre5.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"elinks-0.12-0.21.pre5.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"elinks-0.12-0.21.pre5.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"elinks-debuginfo-0.12-0.21.pre5.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"elinks-debuginfo-0.12-0.21.pre5.el6_3\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"elinks-debuginfo-0.12-0.21.pre5.el6_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"elinks / elinks-debuginfo\");\n }\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4545"], "description": "Elinks is a text-based Web browser. Elinks does not display any images, but it does support frames, tables and most other HTML tags. Elinks' advantage over graphical browsers is its speed--Elinks starts and exits quickly and swiftly displays Web pages. 
", "modified": "2013-10-14T07:03:07", "published": "2013-10-14T07:03:07", "id": "FEDORA:9A8F0217F1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: elinks-0.12-0.33.pre6.fc18", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4545"], "description": "Elinks is a text-based Web browser. Elinks does not display any images, but it does support frames, tables and most other HTML tags. Elinks' advantage over graphical browsers is its speed--Elinks starts and exits quickly and swiftly displays Web pages. ", "modified": "2013-01-14T04:19:16", "published": "2013-01-14T04:19:16", "id": "FEDORA:500A021230", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: elinks-0.12-0.29.pre5.fc17", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4545"], "description": "Elinks is a text-based Web browser. Elinks does not display any images, but it does support frames, tables and most other HTML tags. Elinks' advantage over graphical browsers is its speed--Elinks starts and exits quickly and swiftly displays Web pages. ", "modified": "2013-10-14T17:20:40", "published": "2013-10-14T17:20:40", "id": "FEDORA:5370C21CE4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: elinks-0.12-0.33.pre6.fc18", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:56", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4545"], "description": "ELinks is a text-based web browser. ELinks does not display any images, but\nit does support frames, tables, and most other HTML tags.\n\nIt was found that ELinks performed client credentials delegation during the\nclient-to-server GSS security mechanisms negotiation. 
A rogue server could\nuse this flaw to obtain the client's credentials and impersonate that\nclient to other servers that are using GSSAPI. (CVE-2012-4545)\n\nThis issue was discovered by Marko Myllynen of Red Hat.\n\nAll ELinks users are advised to upgrade to this updated package, which\ncontains a backported patch to resolve the issue.\n", "modified": "2018-06-06T20:24:15", "published": "2013-02-11T05:00:00", "id": "RHSA-2013:0250", "href": "https://access.redhat.com/errata/RHSA-2013:0250", "type": "redhat", "title": "(RHSA-2013:0250) Moderate: elinks security update", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}]}