Vulnerabilities > CVE-2006-5925
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Application | | 1 |
Exploit-Db
description | Links, ELinks 'smbclient' Remote Command Execution Vulnerability. CVE-2006-5925. Remote exploit for linux platform |
id | EDB-ID:29033 |
last seen | 2016-02-03 |
modified | 2006-11-18 |
published | 2006-11-18 |
reporter | Teemu Salmela |
source | https://www.exploit-db.com/download/29033/ |
title | Links, ELinks 'smbclient' Remote Command Execution Vulnerability |
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200612-16.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200612-16 (Links: Arbitrary Samba command execution) Teemu Salmela discovered that Links does not properly validate |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23873 |
published | 2006-12-16 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23873 |
title | GLSA-200612-16 : Links: Arbitrary Samba command execution |

code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200612-16.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(23873);
  script_version("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:43");

  script_cve_id("CVE-2006-5925");
  script_xref(name:"GLSA", value:"200612-16");

  script_name(english:"GLSA-200612-16 : Links: Arbitrary Samba command execution");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-200612-16 (Links: Arbitrary Samba command execution)
Teemu Salmela discovered that Links does not properly validate 'smb://' URLs when it runs smbclient commands.
Impact :
A remote attacker could entice a user to browse to a specially crafted 'smb://' URL and execute arbitrary Samba commands, which would allow the overwriting of arbitrary local files or the upload or the download of arbitrary files. This vulnerability can be exploited only if 'smbclient' is installed on the victim's computer, which is provided by the 'samba' Gentoo package.
Workaround :
There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200612-16"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All Links users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-client/links-2.1_pre26'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:links");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/12/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/16");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/11/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"www-client/links", unaffected:make_list("ge 2.1_pre26"), vulnerable:make_list("lt 2.1_pre26"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Links");
}
```
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1240.NASL |
description | Teemu Salmela discovered that the links2 character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23945 |
published | 2006-12-30 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23945 |
title | Debian DSA-1240-1 : links2 - insufficient escaping |

code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1240. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(23945);
  script_version("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:20");

  script_cve_id("CVE-2006-5925");
  script_xref(name:"DSA", value:"1240");

  script_name(english:"Debian DSA-1240-1 : links2 - insufficient escaping");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Teemu Salmela discovered that the links2 character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=400718"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2006/dsa-1240"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the links2 package.
For the stable distribution (sarge) this problem has been fixed in version 2.1pre16-1sarge1.
For the upcoming stable distribution (etch) this problem has been fixed in version 2.1pre26-1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:links2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/12/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/30");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/11/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"3.1", prefix:"links2", reference:"2.1pre16-1sarge1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
NASL family | SuSE Local Security Checks |
NASL id | SUSE_LINKS-2292.NASL |
description | Malicious websites could abuse smb:// URLs to read or write arbitrary files of the user (CVE-2006-5925). Therefore this update disables SMB support in links. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27342 |
published | 2007-10-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/27342 |
title | openSUSE 10 Security Update : links (links-2292) |

code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update links-2292.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(27342);
  script_version ("1.12");
  script_cvs_date("Date: 2019/10/25 13:36:28");

  script_cve_id("CVE-2006-5925");

  script_name(english:"openSUSE 10 Security Update : links (links-2292)");
  script_summary(english:"Check for the links-2292 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Malicious websites could abuse smb:// URLs to read or write arbitrary files of the user (CVE-2006-5925). Therefore this update disables SMB support in links."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected links package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:links");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/11/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.1", reference:"links-2.1pre18-14.5") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "links");
}
```
NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-851-1.NASL |
description | Teemu Salmela discovered that Elinks did not properly validate input when processing smb:// URLs. If a user were tricked into viewing a malicious website and had smbclient installed, a remote attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2006-5925) Jakub Wilk discovered a logic error in Elinks, leading to a buffer overflow. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-7224). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 42208 |
published | 2009-10-22 |
reporter | Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/42208 |
title | Ubuntu 6.06 LTS : elinks vulnerabilities (USN-851-1) |

code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-851-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(42208);
  script_version("1.12");
  script_cvs_date("Date: 2019/08/02 13:33:02");

  script_cve_id("CVE-2006-5925", "CVE-2008-7224");
  script_xref(name:"USN", value:"851-1");

  script_name(english:"Ubuntu 6.06 LTS : elinks vulnerabilities (USN-851-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Ubuntu host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Teemu Salmela discovered that Elinks did not properly validate input when processing smb:// URLs. If a user were tricked into viewing a malicious website and had smbclient installed, a remote attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2006-5925)
Jakub Wilk discovered a logic error in Elinks, leading to a buffer overflow. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-7224).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/851-1/"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected elinks and / or elinks-lite packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_cwe_id(119);
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:elinks");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:elinks-lite");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/10/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/22");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(6\.06)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"6.06", pkgname:"elinks", pkgver:"0.10.6-1ubuntu3.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"elinks-lite", pkgver:"0.10.6-1ubuntu3.4")) flag++;

if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "elinks / elinks-lite");
}
```
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1226.NASL |
description | Teemu Salmela discovered that the links character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23844 |
published | 2006-12-14 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23844 |
title | Debian DSA-1226-1 : links - insufficient escaping |

code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1226. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(23844);
  script_version("1.13");
  script_cvs_date("Date: 2019/08/02 13:32:20");

  script_cve_id("CVE-2006-5925");
  script_xref(name:"DSA", value:"1226");

  script_name(english:"Debian DSA-1226-1 : links - insufficient escaping");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Teemu Salmela discovered that the links character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=399187"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2006/dsa-1226"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the links package.
For the stable distribution (sarge) this problem has been fixed in version 0.99+1.00pre12-1sarge1.
For the upcoming stable distribution (etch) this problem has been fixed in version 0.99+1.00pre12-1.1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:links");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/12/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"3.1", prefix:"links", reference:"0.99+1.00pre12-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"links-ssl", reference:"0.99+1.00pre12-1sarge1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1228.NASL |
description | Teemu Salmela discovered that the elinks character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23770 |
published | 2006-12-06 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23770 |
title | Debian DSA-1228-1 : elinks - insufficient escaping |

code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1228. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(23770);
  script_version("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:20");

  script_cve_id("CVE-2006-5925");
  script_xref(name:"DSA", value:"1228");

  script_name(english:"Debian DSA-1228-1 : elinks - insufficient escaping");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Teemu Salmela discovered that the elinks character mode web browser performs insufficient sanitising of smb:// URIs, which might lead to the execution of arbitrary shell commands."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=399188"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2006/dsa-1228"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the elinks package.
For the stable distribution (sarge) this problem has been fixed in version 0.10.4-7.1.
For the upcoming stable distribution (etch) this problem has been fixed in version 0.11.1-1.2."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:elinks");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/12/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/06");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/11/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"3.1", prefix:"elinks", reference:"0.10.4-7.1")) flag++;
if (deb_check(release:"3.1", prefix:"elinks-lite", reference:"0.10.4-7.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2006-0742.NASL |
description | An updated elinks package that corrects a security vulnerability is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Elinks is a text mode Web browser used from the command line that supports rendering modern web pages. An arbitrary file access flaw was found in the Elinks SMB protocol handler. A malicious web page could have caused Elinks to read or write files with the permissions of the user running Elinks. (CVE-2006-5925) All users of Elinks are advised to upgrade to this updated package, which resolves this issue by removing support for the SMB protocol from Elinks. Note: this issue did not affect the Elinks package shipped with Red Hat Enterprise Linux 3, or the Links package shipped with Red Hat Enterprise Linux 2.1. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 37097 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/37097 |
title | CentOS 4 : elinks (CESA-2006:0742) |

code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2006:0742 and
# CentOS Errata and Security Advisory 2006:0742 respectively.
#

include("compat.inc");

if (description)
{
  script_id(37097);
  script_version("1.11");
  script_cvs_date("Date: 2019/10/25 13:36:03");

  script_cve_id("CVE-2006-5925");
  script_xref(name:"RHSA", value:"2006:0742");

  script_name(english:"CentOS 4 : elinks (CESA-2006:0742)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An updated elinks package that corrects a security vulnerability is now available for Red Hat Enterprise Linux 4.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
Elinks is a text mode Web browser used from the command line that supports rendering modern web pages.
An arbitrary file access flaw was found in the Elinks SMB protocol handler. A malicious web page could have caused Elinks to read or write files with the permissions of the user running Elinks. (CVE-2006-5925)
All users of Elinks are advised to upgrade to this updated package, which resolves this issue by removing support for the SMB protocol from Elinks.
Note: this issue did not affect the Elinks package shipped with Red Hat Enterprise Linux 3, or the Links package shipped with Red Hat Enterprise Linux 2.1."
  );
  # https://lists.centos.org/pipermail/centos-announce/2006-November/013412.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6186841e"
  );
  # https://lists.centos.org/pipermail/centos-announce/2006-November/013413.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b085ba6d"
  );
  # https://lists.centos.org/pipermail/centos-announce/2006-November/013414.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?0dab7d9c"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected elinks package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:elinks");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/11/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/11/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-4", reference:"elinks-0.9.2-3.3")) flag++;

if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "elinks");
}
```
NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2006-216.NASL |
description | The links web browser with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements. Corporate 3.0 is not affected by this issue, as that version of links does not have smb:// URI support. Updated packages have disabled access to smb:// URIs. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24601 |
published | 2007-02-18 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24601 |
title | Mandrake Linux Security Advisory : links (MDKSA-2006:216) |

code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2006:216.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(24601);
  script_version ("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:48");

  script_cve_id("CVE-2006-5925");
  script_xref(name:"MDKSA", value:"2006:216");

  script_name(english:"Mandrake Linux Security Advisory : links (MDKSA-2006:216)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandrake Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The links web browser with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
Corporate 3.0 is not affected by this issue, as that version of links does not have smb:// URI support.
Updated packages have disabled access to smb:// URIs."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:links");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:links-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:links-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:links-graphic");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/11/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK2006.0", reference:"links-2.1-0.pre18.5.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"links-common-2.1-0.pre18.5.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"links-graphic-2.1-0.pre18.5.1.20060mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK2007.0", reference:"links-2.1-0.pre18.13.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"links-common-2.1-0.pre18.13.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"links-debug-2.1-0.pre18.13.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"links-graphic-2.1-0.pre18.13.1mdv2007.0", yank:"mdv")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200701-27.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200701-27 (ELinks: Arbitrary Samba command execution) Teemu Salmela discovered an error in the validation code of |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24312 |
published | 2007-02-09 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24312 |
title | GLSA-200701-27 : ELinks: Arbitrary Samba command execution |

code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200701-27.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(24312);
  script_version("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:43");

  script_cve_id("CVE-2006-5925");
  script_xref(name:"GLSA", value:"200701-27");

  script_name(english:"GLSA-200701-27 : ELinks: Arbitrary Samba command execution");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-200701-27
(ELinks: Arbitrary Samba command execution)

    Teemu Salmela discovered an error in the validation code of 'smb://'
    URLs used by ELinks, the same issue as reported in GLSA 200612-16
    concerning Links.

Impact :

    A remote attacker could entice a user to browse to a specially crafted
    'smb://' URL and execute arbitrary Samba commands, which would allow
    the overwriting of arbitrary local files or the upload or download of
    arbitrary files. This vulnerability can be exploited only if
    'smbclient' is installed on the victim's computer, which is provided by
    the 'samba' Gentoo package.

Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200701-27"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All ELinks users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-client/elinks-0.11.2'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:elinks");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/01/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/09");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/11/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"www-client/elinks", unaffected:make_list("ge 0.11.2"), vulnerable:make_list("lt 0.11.2"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ELinks");
}
```

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2006-1278.NASL |
description | - Tue Nov 21 2006 Karel Zak <kzak at redhat.com> 0.11.1-5.1 - fix #215734: CVE-2006-5925 elinks smb protocol arbitrary file access - Wed Oct 11 2006 Karel Zak <kzak at redhat.com> 0.11.1-5 - fix #210103 - elinks crashes when given bad HTTP_PROXY - Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 0.11.1-4.1 - rebuild - Mon Jun 12 2006 Karel Zak <kzak at redhat.com> 0.11.1-4 - improved negotiate-auth patch (faster now) - Fri Jun 9 2006 Karel Zak <kzak at redhat.com> 0.11.1-3 - added negotiate-auth (GSSAPI) support -- EXPERIMENTAL! - Mon May 29 2006 Karel Zak <kzak at redhat.com> 0.11.1-2 - update to new upstream version - Wed May 17 2006 Karsten Hopp <karsten at redhat.de> 0.11.0-3 - add buildrequires bzip2-devel, expat-devel,libidn-devel - Fri Feb 10 2006 Jesse Keating <jkeating at redhat.com> - 0.11.0-2.2 - bump again for double-long bug on ppc(64) - Tue Feb 7 2006 Jesse Keating <jkeating at redhat.com> - 0.11.0-2.1 - rebuilt for new gcc4.1 snapshot and glibc changes - Tue Jan 10 2006 Karel Zak <kzak at redhat.com> 0.11.0-2 - use upstream version of srcdir.patch - Tue Jan 10 2006 Karel Zak <kzak at redhat.com> 0.11.0-1 - update to new upstream version - fix 0.11.0 build system (srcdir.patch) - regenerate patches: elinks-0.11.0-getaddrinfo.patch, elinks-0.11.0-ssl-noegd.patch, elinks-0.11.0-sysname.patch, elinks-0.11.0-union.patch - Fri Dec 9 2005 Jesse Keating <jkeating at redhat.com> 0.10.6-2.1 - rebuilt - Wed Nov 9 2005 Karel Zak <kzak at redhat.com> 0.10.6-2 - rebuild (against new openssl) - Thu Sep 29 2005 Karel Zak <kzak at redhat.com> 0.10.6-1 - update to new upstream version - Tue May 17 2005 Karel Zak <kzak at redhat.com> 0.10.3-3 - fix #157300 - Strange behavior on ppc64 (patch by Miloslav Trmac) - Tue May 10 2005 Miloslav Trmac <mitr at redhat.com> - 0.10.3-2 - Fix checking for numeric command prefix (#152953, patch by Jonas Fonseca) - Fix invalid C causing assertion errors on ppc and ia64 (#156647) - Mon Mar 21 2005 Karel Zak <kzak at redhat.com> 0.10.3-1 - sync with upstream; stable 0.10.3 - Sat Mar 5 2005 Karel Zak <kzak at redhat.com> 0.10.2-2 - rebuilt - Tue Feb 8 2005 Karel Zak <kzak at redhat.com> 0.10.2-1 - sync with upstream; stable 0.10.2 - Fri Jan 28 2005 Karel Zak <kzak at redhat.com> 0.10.1-1 - sync with upstream; stable 0.10.1 - Thu Oct 14 2004 Karel Zak <kzak at redhat.com> 0.9.2-2 - the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24056 |
published | 2007-01-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24056 |
title | Fedora Core 6 : elinks-0.11.1-5.1 (2006-1278) |

code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2006-1278.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(24056);
  script_version ("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:24");

  script_xref(name:"FEDORA", value:"2006-1278");

  script_name(english:"Fedora Core 6 : elinks-0.11.1-5.1 (2006-1278)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora Core host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
" - Tue Nov 21 2006 Karel Zak <kzak at redhat.com> 0.11.1-5.1
    - fix #215734: CVE-2006-5925 elinks smb protocol
      arbitrary file access

  - Wed Oct 11 2006 Karel Zak <kzak at redhat.com> 0.11.1-5
    - fix #210103 - elinks crashes when given bad HTTP_PROXY

  - Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> -
    0.11.1-4.1
    - rebuild

  - Mon Jun 12 2006 Karel Zak <kzak at redhat.com> 0.11.1-4
    - improved negotiate-auth patch (faster now)

  - Fri Jun 9 2006 Karel Zak <kzak at redhat.com> 0.11.1-3
    - added negotiate-auth (GSSAPI) support -- EXPERIMENTAL!

  - Mon May 29 2006 Karel Zak <kzak at redhat.com> 0.11.1-2
    - update to new upstream version

  - Wed May 17 2006 Karsten Hopp <karsten at redhat.de>
    0.11.0-3
    - add buildrequires bzip2-devel, expat-devel,libidn-devel

  - Fri Feb 10 2006 Jesse Keating <jkeating at redhat.com> -
    0.11.0-2.2
    - bump again for double-long bug on ppc(64)

  - Tue Feb 7 2006 Jesse Keating <jkeating at redhat.com> -
    0.11.0-2.1
    - rebuilt for new gcc4.1 snapshot and glibc changes

  - Tue Jan 10 2006 Karel Zak <kzak at redhat.com> 0.11.0-2
    - use upstream version of srcdir.patch

  - Tue Jan 10 2006 Karel Zak <kzak at redhat.com> 0.11.0-1
    - update to new upstream version
    - fix 0.11.0 build system (srcdir.patch)
    - regenerate patches: elinks-0.11.0-getaddrinfo.patch,
      elinks-0.11.0-ssl-noegd.patch,
      elinks-0.11.0-sysname.patch,
      elinks-0.11.0-union.patch

  - Fri Dec 9 2005 Jesse Keating <jkeating at redhat.com>
    0.10.6-2.1
    - rebuilt

  - Wed Nov 9 2005 Karel Zak <kzak at redhat.com> 0.10.6-2
    - rebuild (against new openssl)

  - Thu Sep 29 2005 Karel Zak <kzak at redhat.com> 0.10.6-1
    - update to new upstream version

  - Tue May 17 2005 Karel Zak <kzak at redhat.com> 0.10.3-3
    - fix #157300 - Strange behavior on ppc64 (patch by
      Miloslav Trmac)

  - Tue May 10 2005 Miloslav Trmac <mitr at redhat.com> -
    0.10.3-2
    - Fix checking for numeric command prefix (#152953,
      patch by Jonas Fonseca)
    - Fix invalid C causing assertion errors on ppc and ia64
      (#156647)

  - Mon Mar 21 2005 Karel Zak <kzak at redhat.com> 0.10.3-1
    - sync with upstream; stable 0.10.3

  - Sat Mar 5 2005 Karel Zak <kzak at redhat.com> 0.10.2-2
    - rebuilt

  - Tue Feb 8 2005 Karel Zak <kzak at redhat.com> 0.10.2-1
    - sync with upstream; stable 0.10.2

  - Fri Jan 28 2005 Karel Zak <kzak at redhat.com> 0.10.1-1
    - sync with upstream; stable 0.10.1

  - Thu Oct 14 2004 Karel Zak <kzak at redhat.com> 0.9.2-2
    - the 'Linux' driver seems better than 'VT100' for xterm
      (#128105)

  - Wed Oct 6 2004 Karel Zak <kzak at redhat.com> 0.9.2-1

[plus 117 lines in the Changelog]

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2006-November/000946.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?00bdc36c"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected elinks and / or elinks-debuginfo packages."
  );
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:elinks");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:elinks-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:6");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/11/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 6.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC6", reference:"elinks-0.11.1-5.1")) flag++;
if (rpm_check(release:"FC6", reference:"elinks-debuginfo-0.11.1-5.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "elinks / elinks-debuginfo");
}
```

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2006-1277.NASL |
description | - Tue Nov 21 2006 Karel Zak <kzak at redhat.com> 0.11.0-2.4 - fix #215734: CVE-2006-5925 elinks smb protocol arbitrary file access - Mon May 29 2006 Karel Zak <kzak at redhat.com> 0.11.0-2.3 - add buildrequires bzip2-devel, expat-devel,libidn-devel Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24055 |
published | 2007-01-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24055 |
title | Fedora Core 5 : elinks-0.11.0-2.4 (2006-1277) |

code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2006-1277.
#

include("compat.inc");

if (description)
{
  script_id(24055);
  script_version ("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:24");

  script_xref(name:"FEDORA", value:"2006-1277");

  script_name(english:"Fedora Core 5 : elinks-0.11.0-2.4 (2006-1277)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora Core host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
" - Tue Nov 21 2006 Karel Zak <kzak at redhat.com> 0.11.0-2.4
    - fix #215734: CVE-2006-5925 elinks smb protocol
      arbitrary file access

  - Mon May 29 2006 Karel Zak <kzak at redhat.com> 0.11.0-2.3
    - add buildrequires bzip2-devel, expat-devel,libidn-devel

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2006-November/000945.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?08fd6a63"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected elinks and / or elinks-debuginfo packages."
  );
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:elinks");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:elinks-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/11/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC5", reference:"elinks-0.11.0-2.4")) flag++;
if (rpm_check(release:"FC5", reference:"elinks-debuginfo-0.11.0-2.4")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "elinks / elinks-debuginfo");
}
```

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2006-0742.NASL |
description | From Red Hat Security Advisory 2006:0742 : An updated elinks package that corrects a security vulnerability is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Elinks is a text mode Web browser used from the command line that supports rendering modern web pages. An arbitrary file access flaw was found in the Elinks SMB protocol handler. A malicious web page could have caused Elinks to read or write files with the permissions of the user running Elinks. (CVE-2006-5925) All users of Elinks are advised to upgrade to this updated package, which resolves this issue by removing support for the SMB protocol from Elinks. Note: this issue did not affect the Elinks package shipped with Red Hat Enterprise Linux 3, or the Links package shipped with Red Hat Enterprise Linux 2.1. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 67426 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/67426 |
title | Oracle Linux 4 : elinks (ELSA-2006-0742) |

code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2006:0742 and
# Oracle Linux Security Advisory ELSA-2006-0742 respectively.
#

include("compat.inc");

if (description)
{
  script_id(67426);
  script_version("1.7");
  script_cvs_date("Date: 2019/10/25 13:36:06");

  script_cve_id("CVE-2006-5925");
  script_xref(name:"RHSA", value:"2006:0742");

  script_name(english:"Oracle Linux 4 : elinks (ELSA-2006-0742)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"From Red Hat Security Advisory 2006:0742 :

An updated elinks package that corrects a security vulnerability is
now available for Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the
Red Hat Security Response Team.

Elinks is a text mode Web browser used from the command line that
supports rendering modern web pages.

An arbitrary file access flaw was found in the Elinks SMB protocol
handler. A malicious web page could have caused Elinks to read or
write files with the permissions of the user running Elinks.
(CVE-2006-5925)

All users of Elinks are advised to upgrade to this updated package,
which resolves this issue by removing support for the SMB protocol
from Elinks.

Note: this issue did not affect the Elinks package shipped with Red
Hat Enterprise Linux 3, or the Links package shipped with Red Hat
Enterprise Linux 2.1."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2006-November/000021.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected elinks package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:elinks");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/11/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/11/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL4", cpu:"i386", reference:"elinks-0.9.2-3.3")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"elinks-0.9.2-3.3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "elinks");
}
```

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2006-0742.NASL |
description | An updated elinks package that corrects a security vulnerability is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Elinks is a text mode Web browser used from the command line that supports rendering modern web pages. An arbitrary file access flaw was found in the Elinks SMB protocol handler. A malicious web page could have caused Elinks to read or write files with the permissions of the user running Elinks. (CVE-2006-5925) All users of Elinks are advised to upgrade to this updated package, which resolves this issue by removing support for the SMB protocol from Elinks. Note: this issue did not affect the Elinks package shipped with Red Hat Enterprise Linux 3, or the Links package shipped with Red Hat Enterprise Linux 2.1. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23684 |
published | 2006-11-20 |
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/23684 |
title | RHEL 4 : elinks (RHSA-2006:0742) |

Oval
accepted | 2013-04-29T04:12:24.365-04:00 |
class | vulnerability |
description | Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements. |
family | unix |
id | oval:org.mitre.oval:def:11213 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements. |
version | 26 |

References
- http://bugzilla.elinks.cz/show_bug.cgi?id=841
- http://marc.info/?l=full-disclosure&m=116355556512780&w=2
- http://secunia.com/advisories/22905
- http://secunia.com/advisories/22920
- http://secunia.com/advisories/22923
- http://secunia.com/advisories/23022
- http://secunia.com/advisories/23132
- http://secunia.com/advisories/23188
- http://secunia.com/advisories/23234
- http://secunia.com/advisories/23389
- http://secunia.com/advisories/23467
- http://secunia.com/advisories/24005
- http://secunia.com/advisories/24054
- http://security.gentoo.org/glsa/glsa-200612-16.xml
- http://securitytracker.com/id?1017232
- http://securitytracker.com/id?1017233
- http://www.debian.org/security/2006/dsa-1228
- http://www.debian.org/security/2006/dsa-1240
- http://www.gentoo.org/security/en/glsa/glsa-200701-27.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:216
- http://www.novell.com/linux/security/advisories/2006_27_sr.html
- http://www.redhat.com/support/errata/RHSA-2006-0742.html
- http://www.securityfocus.com/archive/1/451870/100/200/threaded
- http://www.securityfocus.com/bid/21082
- http://www.trustix.org/errata/2007/0005
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30299
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11213
- https://www.debian.org/security/2006/dsa-1226