CVE-2006-5925
published 2006-11-15CVE-2006-5925: Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb://…
PriorityP349high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
8.05%
94.1th percentile
Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | elinks | < elinks 0.11.1-1.2 (bookworm) | elinks 0.11.1-1.2 (bookworm) |
| debian | links2 | < elinks 0.11.1-1.2 (bookworm) | elinks 0.11.1-1.2 (bookworm) |
| elinks | elinks | — | — |
| elinks | elinks | >= 0 < 0.11.1-1.2 | 0.11.1-1.2 |
| elinks | elinks | >= 0 < 0.11.1-1.2 | 0.11.1-1.2 |
| elinks | elinks | >= 0 < 0.11.1-1.2 | 0.11.1-1.2 |
| elinks | elinks | >= 0 < 0.11.1-1.2 | 0.11.1-1.2 |
| links | links | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5MEDIUM
vendor_redhat7.5HIGH
vendor_ubuntu7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q6h6-5c8f-jx3g: Links web browser 1
ghsa_unreviewed·2022-05-01
CVE-2006-5925 [HIGH] GHSA-q6h6-5c8f-jx3g: Links web browser 1
Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
OSV
CVE-2006-5925: Links web browser 1
osv·2006-11-15·CVSS 7.5
CVE-2006-5925 [HIGH] CVE-2006-5925: Links web browser 1
Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
Ubuntu
Elinks vulnerabilities
vendor_ubuntu·2009-10-21·CVSS 7.5
CVE-2006-5925 [HIGH] Elinks vulnerabilities
Title: Elinks vulnerabilities
Summary: Elinks vulnerabilities
Teemu Salmela discovered that Elinks did not properly validate input when
processing smb:// URLs. If a user were tricked into viewing a malicious
website and had smbclient installed, a remote attacker could execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2006-5925)
Jakub Wilk discovered a logic error in Elinks, leading to a buffer
overflow. If a user were tricked into viewing a malicious website, a remote
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2008-7224)
Instructions: After a standard system upgrade you need to restart Elinks to effect
the necessary changes.
Red Hat
security flaw
vendor_redhat·2006-11-15·CVSS 7.5
CVE-2006-5925 [HIGH] security flaw
security flaw
Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
Debian
CVE-2006-5925: elinks - Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows rem...
vendor_debian·2006·CVSS 7.5
CVE-2006-5925 [HIGH] CVE-2006-5925: elinks - Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows rem...
Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
Scope: local
bookworm: resolved (fixed in 0.11.1-1.2)
bullseye: resolved (fixed in 0.11.1-1.2)
forky: resolved (fixed in 0.11.1-1.2)
sid: resolved (fixed in 0.11.1-1.2)
trixie: resolved (fixed in 0.11.1-1.2)
No detection rules found.
Exploit-DB
Links_ ELinks 'smbclient' - Remote Command Execution
exploitdb·2006-11-18
CVE-2006-5925 Links_ ELinks 'smbclient' - Remote Command Execution
Links_ ELinks 'smbclient' - Remote Command Execution
---
source: https://www.securityfocus.com/bid/21082/info
Links and ELinks are prone to a remote command-execution vulnerability because the applications fail to properly process website data containing 'smb' commands.
An attacker can exploit this issue to execute arbitrary 'smb' commands on a victim computer. This may help the attacker compromise the application and the underlying system; other attacks are also possible.
Links 1.00pre12 and ELinks 0.11.1 are vulnerable; other versions may also be affected.
NOTE: This vulnerability may be exploited only if 'smbclient' is installed on a target computer.
Put /etc/passwd Get .bashrc
Exploit-DB
Links 1.00pre12 - 'smbclient' Remote Code Execution
exploitdb·2006-11-14
CVE-2006-5925 Links 1.00pre12 - 'smbclient' Remote Code Execution
Links 1.00pre12 - 'smbclient' Remote Code Execution
---
Put /etc/passwd
Get .bashrc
# milw0rm.com [2006-11-14]
Bugzilla
CVE-2006-5925 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2006-5925 [HIGH] CVE-2006-5925 security flaw
CVE-2006-5925 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
Bugzilla
CVE-2006-5925 elinks smb protocol arbitrary file access
bugzilla·2006-11-15·CVSS 7.5
CVE-2006-5925 [HIGH] CVE-2006-5925 elinks smb protocol arbitrary file access
CVE-2006-5925 elinks smb protocol arbitrary file access
A flaw has been found in the way elinks parses smb:// protocol URLs:
http://marc.theaimsgroup.com/?l=full-disclosure&m=116355556512780&w=2
This flaw could allow a remote web page to read and write arbitrary files with
the permissions of the user running elinks.
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2006-0742.html
---
Hi, I'm looking into fixing this for Fedora Legacy (FC3 & FC4), and I'm curiou
Bugzilla
CVE-2006-5925 elinks smb protocol arbitrary file access
bugzilla·2006-11-15·CVSS 7.5
CVE-2006-5925 [HIGH] CVE-2006-5925 elinks smb protocol arbitrary file access
CVE-2006-5925 elinks smb protocol arbitrary file access
+++ This bug was initially created as a clone of Bug #215731 +++
A flaw has been found in the way elinks parses smb:// protocol URLs:
http://marc.theaimsgroup.com/?l=full-disclosure&m=116355556512780&w=2
This flaw could allow a remote web page to read and write arbitrary files with
the permissions of the user running elinks.
Discussion:
The --disable-smb option has been added to FC5 and FC6 spec file (... although
this bug doesn't have impact on packages which was compiled in build roots where
is not smbclient (e.g. mock build roots).
---
elinks-0.11.0-2.4 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
---
elinks-0.
http://bugzilla.elinks.cz/show_bug.cgi?id=841http://marc.info/?l=full-disclosure&m=116355556512780&w=2http://secunia.com/advisories/22905http://secunia.com/advisories/22920http://secunia.com/advisories/22923http://secunia.com/advisories/23022http://secunia.com/advisories/23132http://secunia.com/advisories/23188http://secunia.com/advisories/23234http://secunia.com/advisories/23389http://secunia.com/advisories/23467http://secunia.com/advisories/24005http://secunia.com/advisories/24054http://security.gentoo.org/glsa/glsa-200612-16.xmlhttp://securitytracker.com/id?1017232http://securitytracker.com/id?1017233http://www.debian.org/security/2006/dsa-1228http://www.debian.org/security/2006/dsa-1240http://www.gentoo.org/security/en/glsa/glsa-200701-27.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:216http://www.novell.com/linux/security/advisories/2006_27_sr.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0742.htmlhttp://www.securityfocus.com/archive/1/451870/100/200/threadedhttp://www.securityfocus.com/bid/21082http://www.trustix.org/errata/2007/0005https://exchange.xforce.ibmcloud.com/vulnerabilities/30299https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11213https://www.debian.org/security/2006/dsa-1226http://bugzilla.elinks.cz/show_bug.cgi?id=841http://marc.info/?l=full-disclosure&m=116355556512780&w=2http://secunia.com/advisories/22905http://secunia.com/advisories/22920http://secunia.com/advisories/22923http://secunia.com/advisories/23022http://secunia.com/advisories/23132http://secunia.com/advisories/23188http://secunia.com/advisories/23234http://secunia.com/advisories/23389http://secunia.com/advisories/23467http://secunia.com/advisories/24005http://secunia.com/advisories/24054http://security.gentoo.org/glsa/glsa-200612-16.xmlhttp://securitytracker.com/id?1017232http://securitytracker.com/id?1017233http://www.debian.org/security/2006/dsa-1228http://www.debian.org/security/2006/dsa-1240http://www.gentoo.org/security/en/glsa/glsa-200701-27.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:216http://www.novell.com/linux/security/advisories/2006_27_sr.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0742.htmlhttp://www.securityfocus.com/archive/1/451870/100/200/threadedhttp://www.securityfocus.com/bid/21082http://www.trustix.org/errata/2007/0005https://exchange.xforce.ibmcloud.com/vulnerabilities/30299https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11213https://www.debian.org/security/2006/dsa-1226
2006-11-15
Published