Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P
Vendors Products
Elinks
  • Elinks
Links
  • Links

Configuration 1 [-]

OR cpe:2.3:a:elinks:elinks:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:links:links:1.00pre12:*:*:*:*:*:*:*
References
Link Resource
http://bugzilla.elinks.cz/show_bug.cgi?id=841
http://marc.info/?l=full-disclosure&m=116355556512780&w=2
http://secunia.com/advisories/22905 Vendor Advisory
http://secunia.com/advisories/22920 Vendor Advisory
http://secunia.com/advisories/22923 Vendor Advisory
http://secunia.com/advisories/23022 Vendor Advisory
http://secunia.com/advisories/23132 Vendor Advisory
http://secunia.com/advisories/23188 Vendor Advisory
http://secunia.com/advisories/23234 Vendor Advisory
http://secunia.com/advisories/23389 Vendor Advisory
http://secunia.com/advisories/23467 Vendor Advisory
http://secunia.com/advisories/24005 Vendor Advisory
http://secunia.com/advisories/24054 Vendor Advisory
http://security.gentoo.org/glsa/glsa-200612-16.xml
http://securitytracker.com/id?1017232
http://securitytracker.com/id?1017233
http://www.debian.org/security/2006/dsa-1228
http://www.debian.org/security/2006/dsa-1240
http://www.gentoo.org/security/en/glsa/glsa-200701-27.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:216
http://www.novell.com/linux/security/advisories/2006_27_sr.html
http://www.redhat.com/support/errata/RHSA-2006-0742.html
http://www.securityfocus.com/archive/1/451870/100/200/threaded
http://www.securityfocus.com/bid/21082
http://www.trustix.org/errata/2007/0005
https://exchange.xforce.ibmcloud.com/vulnerabilities/30299
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11213
https://www.debian.org/security/2006/dsa-1226
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2006-11-15T19:00:00

Updated: 2018-10-17T20:57:01

Reserved: 2006-11-15T00:00:00

Link: CVE-2006-5925

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2006-11-15T19:07:00.000

Modified: 2018-10-17T21:45:57.747

Link: CVE-2006-5925

JSON object: View

cve-icon Redhat Information

No data.

CWE