Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/glsa-200701-27.xml
blob: f973d0777a663beb9b74d662830bf17cdef15bd1 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id="200701-27">
  <title>ELinks: Arbitrary Samba command execution</title>
  <synopsis>
    ELinks does not properly validate "smb://" URLs, making it vulnerable to
    the execution of arbitrary Samba commands.
  </synopsis>
  <product type="ebuild">elinks</product>
  <announced>2007-01-30</announced>
  <revised count="01">2007-01-30</revised>
  <bug>155358</bug>
  <access>remote</access>
  <affected>
    <package name="www-client/elinks" auto="yes" arch="*">
      <unaffected range="ge">0.11.2</unaffected>
      <vulnerable range="lt">0.11.2</vulnerable>
    </package>
  </affected>
  <background>
    <p>
    ELinks is a text mode web browser.
    </p>
  </background>
  <description>
    <p>
    Teemu Salmela discovered an error in the validation code of "smb://"
    URLs used by ELinks, the same issue as reported in GLSA 200612-16
    concerning Links.
    </p>
  </description>
  <impact type="normal">
    <p>
    A remote attacker could entice a user to browse to a specially crafted
    "smb://" URL and execute arbitrary Samba commands, which would allow
    the overwriting of arbitrary local files or the upload or download of
    arbitrary files. This vulnerability can be exploited only if
    "smbclient" is installed on the victim's computer, which is provided by
    the "samba" Gentoo package.
    </p>
  </impact>
  <workaround>
    <p>
    There is no known workaround at this time.
    </p>
  </workaround>
  <resolution>
    <p>
    All ELinks users should upgrade to the latest version:
    </p>
    <code>
    # emerge --sync
    # emerge --ask --oneshot --verbose "&gt;=www-client/elinks-0.11.2"</code>
  </resolution>
  <references>
    <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5925">CVE-2006-5925</uri>
  </references>
  <metadata tag="submitter" timestamp="2007-01-30T10:52:21Z">
    hyakuhei
  </metadata>
  <metadata tag="bugReady" timestamp="2007-01-30T11:02:26Z">
    falco
  </metadata>
</glsa>