Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CentOS Update for elinks CESA-2013:0250 centos5

Information

Severity

Severity

Medium

Family

Family

CentOS Local Security Checks

CVSSv2 Base

CVSSv2 Base

5.1

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

11 years ago

Modified

Modified

5 years ago

Summary

The remote host is missing an update for the 'elinks' package(s) announced via the referenced advisory.

Insight

Insight

ELinks is a text-based web browser. ELinks does not display any images, but it does support frames, tables, and most other HTML tags. It was found that ELinks performed client credentials delegation during the client-to-server GSS security mechanisms negotiation. A rogue server could use this flaw to obtain the client's credentials and impersonate that client to other servers that are using GSSAPI. (CVE-2012-4545) This issue was discovered by Marko Myllynen of Red Hat. All ELinks users are advised to upgrade to this updated package, which contains a backported patch to resolve the issue.

Affected Software

Affected Software

elinks on CentOS 5

Solution

Solution

Please install the updated packages.

Common Vulnerabilities and Exposures (CVE)