Lucene search

[email protected]CVE-2006-5925

HistoryNov 15, 2006 - 7:07 p.m.

CVE-2006-5925

2006-11-1519:07:00

[email protected]

web.nvd.nist.gov

cve

2006

5925

remote code execution

smb

uri

web browser

elinks

smbclient

arbitrary code

metacharacters

put

get

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.843 High

EPSS

Percentile

98.5%

JSON

Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.

Affected configurations

NVD

Node

elinkselinksMatch0.9.2

linkslinksMatch1.00pre12

CPENameOperatorVersion
elinks:elinkselinkseq0.9.2
links:linkslinkseq1.00pre12

CPE	Name	Operator	Version
elinks:elinks	elinks	eq	0.9.2
links:links	links	eq	1.00pre12

References

bugzilla.elinks.cz/show_bug.cgi?id=841

marc.info/?l=full-disclosure&m=116355556512780&w=2

secunia.com/advisories/22905

secunia.com/advisories/22920

secunia.com/advisories/22923

secunia.com/advisories/23022

secunia.com/advisories/23132

secunia.com/advisories/23188

secunia.com/advisories/23234

secunia.com/advisories/23389

secunia.com/advisories/23467

secunia.com/advisories/24005

secunia.com/advisories/24054

security.gentoo.org/glsa/glsa-200612-16.xml

securitytracker.com/id?1017232

securitytracker.com/id?1017233

www.debian.org/security/2006/dsa-1228

www.debian.org/security/2006/dsa-1240

www.gentoo.org/security/en/glsa/glsa-200701-27.xml

www.mandriva.com/security/advisories?name=MDKSA-2006:216

www.novell.com/linux/security/advisories/2006_27_sr.html

www.redhat.com/support/errata/RHSA-2006-0742.html

www.securityfocus.com/archive/1/451870/100/200/threaded

www.securityfocus.com/bid/21082

www.trustix.org/errata/2007/0005

exchange.xforce.ibmcloud.com/vulnerabilities/30299

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11213

www.debian.org/security/2006/dsa-1226

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.843 High

EPSS

Percentile

98.5%

JSON

Related for CVE-2006-5925

nessus13 gentoo2 openvas11 debian3 debiancve1 oraclelinux1 nvd1 redhat1 centos1 ubuntucve1 cvelist1 ubuntu1