Bug 297611 - (CVE-2007-5034) CVE-2007-5034 elinks reveals POST data to HTTPS proxy
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
http://bugzilla.elinks.cz/show_bug.cg...
source=vendorsec,reported=20070919,pu...
Keywords: Security
Depends On: 297981 297991 303881 303891 303901 303911 833893
Reported: 2007-09-20 05:42 EDT by Tomas Hoger
Modified: 2012-06-20 10:05 EDT

Doc Type: Bug Fix
Last Closed: 2008-01-07 08:39:59 EST


Attachments
0.10.6 upstream patch (7.26 KB, patch)
2007-09-24 15:26 EDT, Josh Bressers
Upstream patch for 0.11.1 (7.26 KB, patch)
2007-09-24 15:26 EDT, Josh Bressers
Description Tomas Hoger 2007-09-20 05:42:01 EDT
The following problem was reported to the elinks bugzilla [1]:

If ELinks is making a POST request to an https URL, and a proxy has been defined
for https, ELinks takes the body and Content-* headers of the POST request and
adds them to the CONNECT request in cleartext.  So the proxy can now snoop all
the data that was supposed to be hidden by TLS, as can anyone between ELinks and
the proxy.  Apparently some proxies also entirely refuse such requests.

[1] http://bugzilla.elinks.cz/show_bug.cgi?id=937

Fixed in 0.11.3; the upstream bugzilla contains references to Git commits in
various branches.
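
A defensive check for the behaviour described above, as an added example that is not part of the original report or the ELinks patch: it inspects one cleartext request captured on the client-to-proxy leg and flags a CONNECT that carries Content-* headers or a non-TLS payload. The function name, host name and form data are constructed for illustration.

```python
"""Flag CONNECT requests that leak POST data to an HTTPS proxy (CVE-2007-5034 pattern)."""
from typing import List


def audit_connect_request(raw: bytes) -> List[str]:
    """Return findings for one cleartext request seen before the tunnel is up.

    A CONNECT request should name the target authority and nothing that
    belongs to the tunnelled request: the POST body and its Content-*
    headers must only travel inside TLS.
    """
    head, _sep, trailing = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split()
    if len(parts) != 3 or parts[0].upper() != b"CONNECT":
        return []  # not a CONNECT request; out of scope for this check

    findings = []
    for line in lines[1:]:
        name, colon, _value = line.partition(b":")
        if colon and name.strip().lower().startswith(b"content-"):
            findings.append("header:" + name.strip().decode("ascii", "replace"))

    # Bytes after the blank line: a TLS handshake record (0x16 0x03 ...) is an
    # early ClientHello; anything else is payload sent in cleartext.
    if trailing and not trailing.startswith(b"\x16\x03"):
        findings.append(f"body:{len(trailing)} bytes in cleartext")
    return findings


# Constructed sample captures (not taken from the bug report).
LEAKY_CONNECT = (
    b"CONNECT example.test:443 HTTP/1.1\r\n"
    b"Host: example.test:443\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"user=alice&password=hunter2"
)
CLEAN_CONNECT = b"CONNECT example.test:443 HTTP/1.1\r\nHost: example.test:443\r\n\r\n"
PLAIN_POST = b"POST /form HTTP/1.1\r\nHost: example.test\r\nContent-Length: 3\r\n\r\na=b"

if __name__ == "__main__":
    for label, capture in [("leaky", LEAKY_CONNECT), ("clean", CLEAN_CONNECT)]:
        print(label, audit_connect_request(capture))
```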
Comment 1 Tomas Hoger 2007-09-20 05:54:36 EDT
Support for HTTPS proxy was introduced in elinks version 0.5rc1.  The version of
elinks shipped in Red Hat Enterprise Linux 3 is therefore not vulnerable.
Also, links as shipped in Red Hat Enterprise Linux 2.1 does not provide HTTPS
proxy support and is not affected by this problem.
Comment 2 Ondrej Vasik 2007-09-20 07:42:43 EDT
OK, so it seems that the affected supported versions are FC-6, F-7, RHEL4 and
RHEL5, because devel contains version 0.11.3.  I will update the versions for
Fedora, because that is the easiest way; for RHEL4 and RHEL5 we should discuss
how to proceed.
Comment 4 Tomas Hoger 2007-09-20 08:06:50 EDT
Thanks Ondrej for feedback.  Created tracking bugs for current Fedora versions.
Comment 5 Josh Bressers 2007-09-24 15:26:03 EDT
Created attachment 204441
0.10.6 upstream patch
Comment 6 Josh Bressers 2007-09-24 15:26:55 EDT
Created attachment 204461
Upstream patch for 0.11.1
Comment 14 Tomas Hoger 2008-01-07 08:39:59 EST
Fixed in all affected products:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2007-0933.html

Fedora
  updated to fixed upstream version
