|Bugzilla:||864566: CVE-2012-4545 elinks: Improper delegation of client credentials during GSS negotiation|
The MITRE CVE dictionary describes this issue as:
The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials.
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|Red Hat Enterprise Linux version 5 (elinks)||RHSA-2013:0250||February 11, 2013|
|Red Hat Enterprise Linux version 6 (elinks)||RHSA-2013:0250||February 11, 2013|
This issue was discovered by Marko Myllynen of Red Hat.
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.