Bug 297611 (CVE-2007-5034) - CVE-2007-5034 elinks reveals POST data to HTTPS proxy
Summary: CVE-2007-5034 elinks reveals POST data to HTTPS proxy
Status: CLOSED ERRATA
Alias: CVE-2007-5034
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
(Show other bugs)
Version: unspecified
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://bugzilla.elinks.cz/show_bug.cg...
Whiteboard: source=vendorsec,reported=20070919,pu...
Keywords: Security
Depends On: 297981 297991 303881 303891 303901 303911 833893
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-09-20 09:42 UTC by Tomas Hoger
Modified: 2012-06-20 14:05 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-07 13:39:59 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
0.10.6 upstream patch (7.26 KB, patch)
2007-09-24 19:26 UTC, Josh Bressers
no flags Details | Diff
Upstream patch for 0.11.1 (7.26 KB, patch)
2007-09-24 19:26 UTC, Josh Bressers
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:0933 normal SHIPPED_LIVE Moderate: elinks security update 2008-01-08 17:53:47 UTC

Description Tomas Hoger 2007-09-20 09:42:01 UTC
Following problem was reported to elinks bugzilla [1]:

If ELinks is making a POST request to an https URL, and a proxy has been defined
for https, ELinks takes the body and Content-* headers of the POST request and
adds them to the CONNECT request in cleartext.  So the proxy can now snoop all
the data that was supposed to be hidden by TLS, as can anyone between ELinks and
the proxy.  Apparently some proxies also entirely refuse such requests.

[1] http://bugzilla.elinks.cz/show_bug.cgi?id=937

Fixed in 0.11.3, upstream bugzilla contains references to GIT commits in various
branches.

Comment 1 Tomas Hoger 2007-09-20 09:54:36 UTC
Support for HTTPS proxy was introduced in elinks version 0.5rc1.  Version of
elinks as shipped in Red Hat Enterprise Linux 3 is therefore not vulnerable. 
Also links as shipped in Red Hat Enterprise Linux 2.1 does not provide HTTPS
proxy support and is not affected by this problem.

Comment 2 Ondrej Vasik 2007-09-20 11:42:43 UTC
Ok, so it seems to be that affected supported versions are FC-6, F-7, RHEL4 and
RHEL5 - because devel contains 0.11.3 version.  I will update versions for
Fedora, because it is the easiest way, for RHEL4 and RHEL5 we should discuss the
way how to proceed.

Comment 4 Tomas Hoger 2007-09-20 12:06:50 UTC
Thanks Ondrej for feedback.  Created tracking bugs for current Fedora versions.

Comment 5 Josh Bressers 2007-09-24 19:26:03 UTC
Created attachment 204441 [details]
0.10.6 upstream patch

Comment 6 Josh Bressers 2007-09-24 19:26:55 UTC
Created attachment 204461 [details]
Upstream patch for 0.11.1

Comment 14 Tomas Hoger 2008-01-07 13:39:59 UTC
Fixed in all affected products:

Red Hat Enterprise Linux:  	
  http://rhn.redhat.com/errata/RHSA-2007-0933.html

Fedora
  updated to fixed upstream version



Note You need to log in before you can comment on or make changes to this bug.