Vulnerability Name:

CVE-2006-5925 (CCN-30299)

Assigned:2006-11-15
Published:2006-11-15
Updated:2018-10-17
Summary:Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Full-Disclosure Mailing List, Tue Nov 14 2006 - 19:14:56 CST
Links smbclient command execution

Source: CONFIRM
Type: UNKNOWN
http://bugzilla.elinks.cz/show_bug.cgi?id=841

Source: MITRE
Type: CNA
CVE-2006-5925

Source: CCN
Type: Links Web site
Twibright Labs: Links

Source: FULLDISC
Type: UNKNOWN
20061115 Links smbclient command execution

Source: CCN
Type: RHSA-2006-0742
Critical: elinks security update

Source: CCN
Type: SA22905
Links "smb" Protocol File Upload/Download Vulnerability

Source: SECUNIA
Type: Vendor Advisory
22905

Source: CCN
Type: SA22920
ELinks "smb" Protocol File Upload/Download Vulnerability

Source: SECUNIA
Type: Vendor Advisory
22920

Source: SECUNIA
Type: Vendor Advisory
22923

Source: SECUNIA
Type: Vendor Advisory
23022

Source: SECUNIA
Type: Vendor Advisory
23132

Source: SECUNIA
Type: Vendor Advisory
23188

Source: SECUNIA
Type: Vendor Advisory
23234

Source: SECUNIA
Type: Vendor Advisory
23389

Source: SECUNIA
Type: Vendor Advisory
23467

Source: SECUNIA
Type: Vendor Advisory
24005

Source: SECUNIA
Type: Vendor Advisory
24054

Source: GENTOO
Type: UNKNOWN
GLSA-200612-16

Source: CCN
Type: SECTRACK ID: 1017232
ELinks SMB URL Parsing Bug Lets Remote Users Upload/Download Files

Source: SECTRACK
Type: UNKNOWN
1017232

Source: CCN
Type: SECTRACK ID: 1017233
Links SMB URL Parsing Bug Lets Remote Users Upload/Download Files

Source: SECTRACK
Type: UNKNOWN
1017233

Source: CCN
Type: ASA-2006-252
elinks security update (RHSA-2006-0742)

Source: DEBIAN
Type: UNKNOWN
DSA-1228

Source: DEBIAN
Type: UNKNOWN
DSA-1240

Source: DEBIAN
Type: DSA-1226
links -- insufficient escaping

Source: DEBIAN
Type: DSA-1228
elinks -- insufficient escaping

Source: DEBIAN
Type: DSA-1240
links2 -- insufficient escaping

Source: CCN
Type: GLSA-200612-16
Links: Arbitrary Samba command execution

Source: CCN
Type: GLSA-200701-27
ELinks: Arbitrary Samba command execution

Source: GENTOO
Type: UNKNOWN
GLSA-200701-27

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:216

Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:027

Source: CCN
Type: OpenPKG-SA-2006.043
Links

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0742

Source: BUGTRAQ
Type: UNKNOWN
20061115 Links smbclient command execution

Source: BID
Type: UNKNOWN
21082

Source: CCN
Type: BID-21082
Links, ELinks 'smbclient' Remote Command Execution Vulnerability

Source: TRUSTIX
Type: UNKNOWN
2007-0005

Source: CCN
Type: USN-851-1
Elinks vulnerabilities

Source: XF
Type: UNKNOWN
links-smbclient-command-execution(30299)

Source: XF
Type: UNKNOWN
links-smbclient-command-execution(30299)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11213

Source: DEBIAN
Type: UNKNOWN
DSA-1226

Source: SUSE
Type: SUSE-SR:2006:027
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:elinks:elinks:0.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:links:links:1.00pre12:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:elinks:elinks:0.11.1:*:*:*:*:*:*:*
  • AND
  • cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20065925
    V
    		CVE-2006-5925
    2022-06-30
    oval:org.opensuse.security:def:112185
    P
    		elinks-0.13~0.20190723-1.14 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:105717
    P
    		elinks-0.13~0.20190723-1.14 on GA media (Moderate)
    2021-10-01
    oval:org.mitre.oval:def:13402
    P
    		USN-851-1 -- elinks vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:11213
    V
    		Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
    2013-04-29
    oval:org.debian:def:1240
    V
    		insufficient escaping
    2006-12-21
    oval:org.debian:def:1228
    V
    		insufficient escaping
    2006-12-05
    oval:org.debian:def:1226
    V
    		insufficient escaping
    2006-12-03
    oval:com.redhat.rhsa:def:20060742
    P
    		RHSA-2006:0742: elinks security update (Critical)
    2006-11-15
    BACK
    elinks elinks 0.9.2
    links links 1.00pre12
    elinks elinks 0.11.1
    openpkg openpkg current
    gentoo linux *
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    mandrakesoft mandrake linux 2006
    canonical ubuntu 6.06
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007