Bug 864566 (CVE-2012-4545) - CVE-2012-4545 elinks: Improper delegation of client credentials during GSS negotiation
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-4545
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 863066 891566 891692 891693 891694 891695
Blocks: 864574
Reported: 2012-10-09 15:20 UTC by Jan Lieskovsky
Modified: 2023-05-13 01:56 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-02-12 06:22:25 UTC
Embargoed:


Attachments
Proposed patch from Kamil Dudka to disable credentials delegation during GSS negotiation (822 bytes, patch)
2012-10-09 15:46 UTC, Jan Lieskovsky
[PATCH] http_negotiate: do not delegate GSSAPI credentials by default (3.13 KB, patch)
2012-10-23 12:20 UTC, Kamil Dudka
fixes supposed to go out with the security advisory (1.85 KB, patch)
2012-10-25 10:53 UTC, Kamil Dudka
RHEL-5 backport of the upstream security fixes (2.90 KB, patch)
2012-10-29 15:54 UTC, Kamil Dudka
ovasik: review+
RHEL-6 backport of the upstream security fixes (2.91 KB, patch)
2012-10-29 15:54 UTC, Kamil Dudka
ovasik: review+


Links
System: Red Hat Product Errata
ID: RHSA-2013:0250
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Moderate: elinks security update
Last Updated: 2013-02-11 23:09:41 UTC

Description Jan Lieskovsky 2012-10-09 15:20:09 UTC
It was found that Elinks performed client credentials delegation during the client-to-server GSS security mechanisms negotiation. A remote, rogue server could use this flaw to impersonate the Elinks client (victim) against the correct (originally intended) server, potentially leading to denial of Elinks tool services for victim client.

Comment 1 Jan Lieskovsky 2012-10-09 15:22:07 UTC
This issue affects the versions of the elinks package, as shipped with Red Hat Enterprise Linux 5 and 6.

--

This issue affects the versions of the elinks package, as shipped with Fedora release of 16 and 17.

Comment 2 Jan Lieskovsky 2012-10-09 15:25:16 UTC
This issue was discovered by Marko Myllynen of Red Hat.

Comment 4 Jan Lieskovsky 2012-10-09 15:46:24 UTC
Created attachment 624175
Proposed patch from Kamil Dudka to disable credentials delegation during GSS negotiation

Comment 7 Kamil Dudka 2012-10-23 11:00:22 UTC
I am working on a new version of the patch, will provide some update shortly.

Comment 8 Kamil Dudka 2012-10-23 12:20:22 UTC
Created attachment 632061
[PATCH] http_negotiate: do not delegate GSSAPI credentials by default

I have proposed a new version of the patch upstream.

Comment 9 Kamil Dudka 2012-10-25 10:53:45 UTC
Created attachment 633270
fixes supposed to go out with the security advisory

An upstream patch allowing to configure trusted servers is going to be applied later, together with some other fixes related to the HTTP authentication.
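
The policy discussed in the description and in comments 8 and 9 (no delegation by default, delegation only to configured trusted servers), sketched as an added example; it is not the elinks code or any of the attached patches. The names deleg_flag_for, host_matches, ieq and SAMPLE_TRUSTED and the leading-dot allowlist syntax are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Bit value assigned to this request flag by RFC 2744; defined here so
 * the example builds without the GSSAPI headers. */
#ifndef GSS_C_DELEG_FLAG
#define GSS_C_DELEG_FLAG 1u
#endif

/* Constructed sample allowlist; a leading dot means "any subdomain". */
static const char *const SAMPLE_TRUSTED[] = {
    "intranet.example", ".corp.example"
};

/* Case-insensitive equality of two host strings. */
static int ieq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Hypothetical helper: exact match, or dot-anchored suffix match so that
 * "evilcorp.example" does not match ".corp.example". */
static int host_matches(const char *host, const char *entry)
{
    size_t hl = strlen(host), el = strlen(entry);

    if (entry[0] != '.')
        return ieq(host, entry);
    return hl > el && ieq(host + hl - el, entry);
}

/* Hypothetical policy: delegation bit to OR into the req_flags argument
 * of gss_init_sec_context(). Off unless the host is explicitly trusted. */
unsigned int deleg_flag_for(const char *host,
                            const char *const *trusted, size_t n)
{
    size_t i;

    if (host == NULL || *host == '\0')
        return 0;
    for (i = 0; i < n; i++)
        if (host_matches(host, trusted[i]))
            return GSS_C_DELEG_FLAG;
    return 0;
}
```

With an empty allowlist the function always returns 0, which corresponds to the default behaviour named in the patch title.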

Comment 11 Kamil Dudka 2012-10-29 15:54:03 UTC
Created attachment 635073
RHEL-5 backport of the upstream security fixes

Comment 12 Kamil Dudka 2012-10-29 15:54:43 UTC
Created attachment 635074
RHEL-6 backport of the upstream security fixes

Comment 21 Jan Lieskovsky 2013-01-03 10:01:14 UTC
Created elinks tracking bugs for this issue

Affects: fedora-all [bug 891566]

Comment 25 Fedora Update System 2013-01-14 04:05:20 UTC
elinks-0.12-0.32.pre5.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 26 Fedora Update System 2013-01-14 04:19:10 UTC
elinks-0.12-0.29.pre5.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 30 Murray McAllister 2013-02-06 00:50:04 UTC
Acknowledgements:

This issue was discovered by Marko Myllynen of Red Hat.

Comment 31 errata-xmlrpc 2013-02-11 18:13:14 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2013:0250 https://rhn.redhat.com/errata/RHSA-2013-0250.html

