Executive Summary
Summary | |
---|---|
Title | elinks security update |
Informations | |||
---|---|---|---|
Name | RHSA-2006:0742 | First vendor Publication | 2006-11-15 |
Vendor | RedHat | Last vendor Modification | 2006-11-15 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An updated elinks package that corrects a security vulnerability is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: Elinks is a text mode Web browser used from the command line that supports rendering modern web pages. An arbitrary file access flaw was found in the Elinks SMB protocol handler. A malicious web page could have caused Elinks to read or write files with the permissions of the user running Elinks. (CVE-2006-5925) All users of Elinks are advised to upgrade to this updated package, which resolves this issue by removing support for the SMB protocol from Elinks. Note: this issue did not affect the Elinks package shipped with Red Hat Enterprise Linux 3, or the Links package shipped with Red Hat Enterprise Linux 2.1. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 215731 - CVE-2006-5925 elinks smb protocol arbitrary file access |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2006-0742.html |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11213 | |||
Oval ID: | oval:org.mitre.oval:def:11213 | ||
Title: | Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements. | ||
Description: | Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-5925 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-27 | Name : Ubuntu USN-851-1 (elinks) File : nvt/ubuntu_851_1.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200612-16 (links) File : nvt/glsa_200612_16.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200701-27 (elinks) File : nvt/glsa_200701_27.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1226-1 (links) File : nvt/deb_1226_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1228-1 (elinks) File : nvt/deb_1228_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
30437 | Links/Elinks smbclient smb:// URI Handling Arbitrary Command Execution |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2006-0742.nasl - Type : ACT_GATHER_INFO |
2009-10-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-851-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2006-0742.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_links-2292.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-216.nasl - Type : ACT_GATHER_INFO |
2007-02-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200701-27.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-1277.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-1278.nasl - Type : ACT_GATHER_INFO |
2006-12-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1240.nasl - Type : ACT_GATHER_INFO |
2006-12-16 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200612-16.nasl - Type : ACT_GATHER_INFO |
2006-12-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1226.nasl - Type : ACT_GATHER_INFO |
2006-12-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1228.nasl - Type : ACT_GATHER_INFO |
2006-11-20 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2006-0742.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:50:19 |
|