Scientific Linux Security Update : elinks on SL5.x, SL6.x i386/x86_64 (20130211)

It was found that ELinks performed client credentials delegation during the client-to-server GSS security mechanisms negotiation. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. CVE-2012-4545 %NASLMINLEVEL...

elinks security update

0.12-0.21.pre5 - do not delegate GSSAPI credentials CVE-2012-4545...

SuSE 11.1 Security Update : openssh (SAT Patch Number 6672)

This collective security update of openssh fixes multiple security issues : - memory exhaustion in gssapi due to integer overflow. bnc756370, CVE-2011-5000 - forced command option information leak bnc744643, CVE-2012-0814 Additionally, the following bug has been fixed : - server-side delay upon...

Fedora 17 : elinks-0.12-0.29.pre5.fc17 (2013-0265)

do not delegate GSSAPI credentials CVE-2012-4545 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

CVE-2012-4545

The httpnegotiatecreatecontext function in protocol/http/httpnegotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials...

CVE-2012-4545

The httpnegotiatecreatecontext function in protocol/http/httpnegotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials...

CVE-2012-4545

The httpnegotiatecreatecontext function in protocol/http/httpnegotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials...

CVE-2012-4545

CVE-2012-4545 affects ELinks 0.12 up to (but not including) 0.12pre6, where using HTTP Negotiate or GSS-Negotiate authentication delegates user credentials via GSSAPI. This can allow a remote server to authenticate as the client using delegated credentials. The CVSS score from NVD is 5.1 (Medium)...

CVE-2012-4545

The httpnegotiatecreatecontext function in protocol/http/httpnegotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials...

libgssglue: Privilege escalation

Background libgssglue exports a GSSAPI interface which calls other random GSSAPI libraries. Description libgssglue does not securely use getenv when loading a library for a setuid application. Impact A local attacker could gain escalated privileges. Workaround There is no known workaround at this...

Slackware: Security Advisory (SSA:2006-272-02)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SuSE 10 Security Update : openssh (ZYPP Patch Number 8248)

This collective security update of openssh fixed multiple security issues : - memory exhaustion in gssapi due to integer overflow. bnc756370, CVE-2011-5000 - forced command option information leak bnc744643, CVE-2012-0814 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description o...

Scientific Linux Security Update : krb5 on SL3.x, SL4.x, SL5.x i386/x86_64

A flaw was found in the way the MIT Kerberos Authentication Service and Key Distribution Center server krb5kdc handled Kerberos v4 protocol packets. An unauthenticated remote attacker could use this flaw to crash the krb5kdc daemon, disclose portions of its memory, or possibly execute arbitrary...

Scientific Linux Security Update : openssh on SL4.x i386/x86_64

A flaw was found in the way the ssh server wrote account names to the audit subsystem. An attacker could inject strings containing parts of audit messages which could possibly mislead or confuse audit log parsing tools. CVE-2007-3102 A flaw was found in the way the OpenSSH server processes GSSAPI...

Scientific Linux Security Update : openssh on SL6.x i386/x86_64 (20120620)

OpenSSH is OpenBSD's Secure Shell SSH protocol implementation. These packages include the core files necessary for the OpenSSH client and server. A denial of service flaw was found in the OpenSSH GSSAPI authentication implementation. A remote, authenticated user could use this flaw to make the...

Scientific Linux Security Update : curl on SL4.x, SL5.x, SL6.x i386/x86_64

cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. It was found that cURL always performed credential delegation when authenticating with GSSAPI. A rogue server could use this flaw to obtain the...

Scientific Linux Security Update : openssh on SL5.x

Problem description : A flaw was found in the way the ssh server wrote account names to the audit subsystem. An attacker could inject strings containing parts of audit messages, which could possibly mislead or confuse audit log parsing tools. CVE-2007-3102 A flaw was found in the way the OpenSSH...

Scientific Linux Security Update : rsyslog on SL6.x i386/x86_64 (20120620)

The rsyslog packages provide an enhanced, multi-threaded syslog daemon. A numeric truncation error, leading to a heap-based buffer overflow, was found in the way the rsyslog imfile module processed text files containing long lines. An attacker could use this flaw to crash the rsyslogd daemon or,...

CentOS Update for curl CESA-2011:0918 centos4 x86_64

Check for the Version of curl OpenVAS Vulnerability Test CentOS Update for curl CESA-2011:0918 centos4 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

CentOS Update for curl CESA-2011:0918 centos4 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...