The links web browser with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.

Corporate 3.0 is not affected by this issue, as that version of links does not have smb:// URI support.

Updated packages have disabled access to smb:// URIs.

Malicious websites could abuse smb:// URLs to read or write arbitrary files of the user (CVE-2006-5925). Therefore this update disables SMB support in links.

來自 Red Hat 安全性公告 2006:0742：

現已提供適用於 Red Hat Enterprise Linux 4 的更新版 elinks 套件，可更正一個安全性弱點。

Red Hat 安全性回應團隊已將此更新評等為具有重大安全性影響。

Elinks 是從命令行使用的文字模式網頁瀏覽器，支援轉譯現代化網頁。

在 Elinks SMB 通訊協定處置程式中發現任意檔案存取瑕疵。惡意網頁可能導致以執行 Elinks 的使用者權限讀取或寫入檔案。
(CVE-2006-5925)

建議所有 Elinks 使用者皆升級至此更新版套件，透過移除 Elinks 的 SMB 通訊協定支援，來解決此問題。

注意：此問題不會影響 Red Hat Enterprise Linux 3 隨附的 Elinks 套件，或是 Red Hat Enterprise Linux 2.1 隨附的 Links 套件。

Red Hat セキュリティアドバイザリ 2006:0742 から：

セキュリティの脆弱性を修正する更新済みの elinks パッケージが、Red Hat Enterprise Linux 4 で現在利用可能です。

Red Hat セキュリティレスポンスチームは、この更新には重大なセキュリティインパクトがあるものとして評価しています。

Elinks は、モダン Web ページのレンダリングをサポートする、コマンドラインから使用されるテキストモードの Web ブラウザです。

Elinks SMB プロトコルハンドラーに任意のファイルアクセスの欠陥が見つかりました。悪意のある Web ページにより、Elinks が、Elinks を実行するユーザーの権限でファイルを読み取りまたは書き込みさせられる可能性があります。
(CVE-2006-5925)

Elinks の全ユーザーは、この更新済みパッケージにアップグレードし、SMB プロトコルのサポートを Elinks から削除することでこの問題を解決することが推奨されます。

注：この問題は、Red Hat Enterprise Linux 3 に同梱の Elinks パッケージ、または Red Hat Enterprise Linux 2.1 に同梱の Links パッケージには影響しませんでした。

来自 Red Hat 安全公告 2006:0742：

更新后的 elinks 程序包修正了一个安全漏洞，现在可用于 Red Hat Enterprise Linux 4。

Red Hat 安全响应团队将此更新评级为具有严重安全影响。

Elinks 是一款从命令行使用的文本模式 Web 浏览器，支持渲染现代网页。

在 Elinks SMB 协议处理程序中发现一个任意文件访问缺陷。恶意网页可导致 Elinks 以运行 Elinks 的用户的权限读取或写入文件。
(CVE-2006-5925)

建议所有 Elinks 用户升级此更新后的程序包，该程序包通过从 Elinks 中删除对 SMB 协议的支持来解决此问题。

注意：此问题不影响 Red Hat Enterprise Linux 3 随附的 Elinks 程序包，也不影响 Red Hat Enterprise Linux 2.1 随附的 Links 程序包。

Teemu Salmela discovered that the elinks character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands.

Teemu Salmela discovered that the links character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands.

An updated elinks package that corrects a security vulnerability is now available for Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Elinks is a text mode Web browser used from the command line that supports rendering modern web pages.

An arbitrary file access flaw was found in the Elinks SMB protocol handler. A malicious web page could have caused Elinks to read or write files with the permissions of the user running Elinks.
(CVE-2006-5925)

All users of Elinks are advised to upgrade to this updated package, which resolves this issue by removing support for the SMB protocol from Elinks.

Note: this issue did not affect the Elinks package shipped with Red Hat Enterprise Linux 3, or the Links package shipped with Red Hat Enterprise Linux 2.1.

Teemu Salmela discovered that Elinks did not properly validate input when processing smb:// URLs. If a user were tricked into viewing a malicious website and had smbclient installed, a remote attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2006-5925)

Jakub Wilk discovered a logic error in Elinks, leading to a buffer overflow. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-7224).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

From Red Hat Security Advisory 2006:0742 :

An updated elinks package that corrects a security vulnerability is now available for Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Elinks is a text mode Web browser used from the command line that supports rendering modern web pages.

An arbitrary file access flaw was found in the Elinks SMB protocol handler. A malicious web page could have caused Elinks to read or write files with the permissions of the user running Elinks.
(CVE-2006-5925)

All users of Elinks are advised to upgrade to this updated package, which resolves this issue by removing support for the SMB protocol from Elinks.

Note: this issue did not affect the Elinks package shipped with Red Hat Enterprise Linux 3, or the Links package shipped with Red Hat Enterprise Linux 2.1.

The remote host is affected by the vulnerability described in GLSA-200612-16 (Links: Arbitrary Samba command execution)

    Teemu Salmela discovered that Links does not properly validate 'smb://'     URLs when it runs smbclient commands.
  Impact :

    A remote attacker could entice a user to browse to a specially crafted     'smb://' URL and execute arbitrary Samba commands, which would allow     the overwriting of arbitrary local files or the upload or the download     of arbitrary files. This vulnerability can be exploited only if     'smbclient' is installed on the victim's computer, which is provided by     the 'samba' Gentoo package.
  Workaround :

    There is no known workaround at this time.

Teemu Salmela discovered that the links2 character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands.

The remote host is affected by the vulnerability described in GLSA-200701-27 (ELinks: Arbitrary Samba command execution)

    Teemu Salmela discovered an error in the validation code of 'smb://'     URLs used by ELinks, the same issue as reported in GLSA 200612-16     concerning Links.
  Impact :

    A remote attacker could entice a user to browse to a specially crafted     'smb://' URL and execute arbitrary Samba commands, which would allow     the overwriting of arbitrary local files or the upload or download of     arbitrary files. This vulnerability can be exploited only if     'smbclient' is installed on the victim's computer, which is provided by     the 'samba' Gentoo package.
  Workaround :

    There is no known workaround at this time.

ID	名稱	產品	系列	已發布	已更新	嚴重性
24601	Mandrake Linux Security Advisory : links (MDKSA-2006:216)	Nessus	Mandriva Local Security Checks	2007/2/18	2021/1/6	high
27342	openSUSE 10 Security Update : links (links-2292)	Nessus	SuSE Local Security Checks	2007/10/17	2021/1/14	high
67426	Oracle Linux 4：elinks (ELSA-2006-0742)	Nessus	Oracle Linux Local Security Checks	2013/7/12	2021/1/14	high
67426	Oracle Linux 4：elinks（ELSA-2006-0742）	Nessus	Oracle Linux Local Security Checks	2013/7/12	2021/1/14	high
67426	Oracle Linux 4：elinks (ELSA-2006-0742)	Nessus	Oracle Linux Local Security Checks	2013/7/12	2021/1/14	high
23770	Debian DSA-1228-1 : elinks - insufficient escaping	Nessus	Debian Local Security Checks	2006/12/6	2021/1/4	high
23844	Debian DSA-1226-1 : links - insufficient escaping	Nessus	Debian Local Security Checks	2006/12/14	2021/1/4	high
37097	CentOS 4 : elinks (CESA-2006:0742)	Nessus	CentOS Local Security Checks	2009/4/23	2021/1/4	high
42208	Ubuntu 6.06 LTS : elinks vulnerabilities (USN-851-1)	Nessus	Ubuntu Local Security Checks	2009/10/22	2021/1/19	high
67426	Oracle Linux 4 : elinks (ELSA-2006-0742)	Nessus	Oracle Linux Local Security Checks	2013/7/12	2021/1/14	high
23873	GLSA-200612-16 : Links: Arbitrary Samba command execution	Nessus	Gentoo Local Security Checks	2006/12/16	2021/1/6	high
23945	Debian DSA-1240-1 : links2 - insufficient escaping	Nessus	Debian Local Security Checks	2006/12/30	2021/1/4	high
24312	GLSA-200701-27 : ELinks: Arbitrary Samba command execution	Nessus	Gentoo Local Security Checks	2007/2/9	2021/1/6	high
23684	RHEL 4 : elinks (RHSA-2006:0742)	Nessus	Red Hat Local Security Checks	2006/11/20	2021/1/14	high

偵測

搜尋 Plugin

high

high

high

high

high

high

high

high

high

high

high

high

high

high