Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-4545

The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials.

Related bugs and status

CVE-2012-4545 (Candidate) is related to these bugs:

Bug #1074357: Merge elinks (0.12~pre5-9) (universe) from Debian Unstable (main)

Summary				In	Importance	Status
	1074357	Merge elinks (0.12~pre5-9) (universe) from Debian Unstable (main)		elinks (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://www.debian.org/...
MISC: http://www.mandriva.co...
MISC: http://rhn.redhat.com/...
MISC: https://exchange.xforc...
MISC: http://bugzilla.elinks...
MISC: http://repo.or.cz/w/el...