ID CVE-2006-5925
Summary Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
References
Vulnerable Configurations
  • cpe:2.3:a:elinks:elinks:0.9.2
    cpe:2.3:a:elinks:elinks:0.9.2
  • cpe:2.3:a:links:links:1.00pre12
    cpe:2.3:a:links:links:1.00pre12
CVSS
Base: 7.5 (as of 16-11-2006 - 01:23)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description Links, ELinks 'smbclient' Remote Command Execution Vulnerability. CVE-2006-5925. Remote exploit for linux platform
id EDB-ID:29033
last seen 2016-02-03
modified 2006-11-18
published 2006-11-18
reporter Teemu Salmela
source https://www.exploit-db.com/download/29033/
title Links, ELinks 'smbclient' Remote Command Execution Vulnerability
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2006-0742.NASL
    description From Red Hat Security Advisory 2006:0742 : An updated elinks package that corrects a security vulnerability is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Elinks is a text mode Web browser used from the command line that supports rendering modern web pages. An arbitrary file access flaw was found in the Elinks SMB protocol handler. A malicious web page could have caused Elinks to read or write files with the permissions of the user running Elinks. (CVE-2006-5925) All users of Elinks are advised to upgrade to this updated package, which resolves this issue by removing support for the SMB protocol from Elinks. Note: this issue did not affect the Elinks package shipped with Red Hat Enterprise Linux 3, or the Links package shipped with Red Hat Enterprise Linux 2.1.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 67426
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67426
    title Oracle Linux 4 : elinks (ELSA-2006-0742)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0742.NASL
    description An updated elinks package that corrects a security vulnerability is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Elinks is a text mode Web browser used from the command line that supports rendering modern web pages. An arbitrary file access flaw was found in the Elinks SMB protocol handler. A malicious web page could have caused Elinks to read or write files with the permissions of the user running Elinks. (CVE-2006-5925) All users of Elinks are advised to upgrade to this updated package, which resolves this issue by removing support for the SMB protocol from Elinks. Note: this issue did not affect the Elinks package shipped with Red Hat Enterprise Linux 3, or the Links package shipped with Red Hat Enterprise Linux 2.1.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 37097
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37097
    title CentOS 4 : elinks (CESA-2006:0742)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200701-27.NASL
    description The remote host is affected by the vulnerability described in GLSA-200701-27 (ELinks: Arbitrary Samba command execution) Teemu Salmela discovered an error in the validation code of 'smb://' URLs used by ELinks, the same issue as reported in GLSA 200612-16 concerning Links. Impact : A remote attacker could entice a user to browse to a specially crafted 'smb://' URL and execute arbitrary Samba commands, which would allow the overwriting of arbitrary local files or the upload or download of arbitrary files. This vulnerability can be exploited only if 'smbclient' is installed on the victim's computer, which is provided by the 'samba' Gentoo package. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 24312
    published 2007-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24312
    title GLSA-200701-27 : ELinks: Arbitrary Samba command execution
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-216.NASL
    description The links web browser with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements. Corporate 3.0 is not affected by this issue, as that version of links does not have smb:// URI support. Updated packages have disabled access to smb:// URIs.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24601
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24601
    title Mandrake Linux Security Advisory : links (MDKSA-2006:216)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200612-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-200612-16 (Links: Arbitrary Samba command execution) Teemu Salmela discovered that Links does not properly validate 'smb://' URLs when it runs smbclient commands. Impact : A remote attacker could entice a user to browse to a specially crafted 'smb://' URL and execute arbitrary Samba commands, which would allow the overwriting of arbitrary local files or the upload or the download of arbitrary files. This vulnerability can be exploited only if 'smbclient' is installed on the victim's computer, which is provided by the 'samba' Gentoo package. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 23873
    published 2006-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23873
    title GLSA-200612-16 : Links: Arbitrary Samba command execution
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0742.NASL
    description An updated elinks package that corrects a security vulnerability is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Elinks is a text mode Web browser used from the command line that supports rendering modern web pages. An arbitrary file access flaw was found in the Elinks SMB protocol handler. A malicious web page could have caused Elinks to read or write files with the permissions of the user running Elinks. (CVE-2006-5925) All users of Elinks are advised to upgrade to this updated package, which resolves this issue by removing support for the SMB protocol from Elinks. Note: this issue did not affect the Elinks package shipped with Red Hat Enterprise Linux 3, or the Links package shipped with Red Hat Enterprise Linux 2.1.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 23684
    published 2006-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23684
    title RHEL 4 : elinks (RHSA-2006:0742)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-851-1.NASL
    description Teemu Salmela discovered that Elinks did not properly validate input when processing smb:// URLs. If a user were tricked into viewing a malicious website and had smbclient installed, a remote attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2006-5925) Jakub Wilk discovered a logic error in Elinks, leading to a buffer overflow. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-7224). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 42208
    published 2009-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42208
    title Ubuntu 6.06 LTS : elinks vulnerabilities (USN-851-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1240.NASL
    description Teemu Salmela discovered that the links2 character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 23945
    published 2006-12-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23945
    title Debian DSA-1240-1 : links2 - insufficient escaping
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1226.NASL
    description Teemu Salmela discovered that the links character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 23844
    published 2006-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23844
    title Debian DSA-1226-1 : links - insufficient escaping
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LINKS-2292.NASL
    description Malicious websites could abuse smb:// URLs to read or write arbitrary files of the user (CVE-2006-5925). Therefore this update disables SMB support in links.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27342
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27342
    title openSUSE 10 Security Update : links (links-2292)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1228.NASL
    description Teemu Salmela discovered that the elinks character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 23770
    published 2006-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23770
    title Debian DSA-1228-1 : elinks - insufficient escaping
oval via4
accepted 2013-04-29T04:12:24.365-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
family unix
id oval:org.mitre.oval:def:11213
status accepted
submitted 2010-07-09T03:56:16-04:00
title Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
version 23
redhat via4
advisories
bugzilla
id 215731
title CVE-2006-5925 elinks smb protocol arbitrary file access
oval
AND
  • comment Red Hat Enterprise Linux 4 is installed
    oval oval:com.redhat.rhba:tst:20070304001
  • comment elinks is earlier than 0:0.9.2-3.3
    oval oval:com.redhat.rhsa:tst:20060742002
  • comment elinks is signed with Red Hat master key
    oval oval:com.redhat.rhsa:tst:20060742003
rhsa
id RHSA-2006:0742
released 2006-11-15
severity Critical
title RHSA-2006:0742: elinks security update (Critical)
rpms elinks-0:0.9.2-3.3
refmap via4
bid 21082
bugtraq 20061115 Links smbclient command execution
confirm http://bugzilla.elinks.cz/show_bug.cgi?id=841
debian
  • DSA-1226
  • DSA-1228
  • DSA-1240
fulldisc 20061115 Links smbclient command execution
gentoo
  • GLSA-200612-16
  • GLSA-200701-27
mandriva MDKSA-2006:216
sectrack
  • 1017232
  • 1017233
secunia
  • 22905
  • 22920
  • 22923
  • 23022
  • 23132
  • 23188
  • 23234
  • 23389
  • 23467
  • 24005
  • 24054
suse SUSE-SR:2006:027
trustix 2007-0005
xf links-smbclient-command-execution(30299)
Last major update 07-12-2016 - 22:00
Published 15-11-2006 - 14:07
Last modified 17-10-2018 - 17:45
Back to Top