Links, ELinks 'smbclient' Remote Command Execution Vulnerability
BID:21082
Info
| Bugtraq ID: | 21082 |
| Class: | Design Error |
| CVE: | CVE-2006-5925 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 18 2006 12:00AM |
| Updated: | Oct 22 2009 04:48PM |
| Credit: | Teemu Salmela is credited with the discovery of this vulnerability. |
| Vulnerable: | Ubuntu Ubuntu Linux 6.06 LTS sparc; Ubuntu Ubuntu Linux 6.06 LTS powerpc; Ubuntu Ubuntu Linux 6.06 LTS i386; Ubuntu Ubuntu Linux 6.06 LTS amd64; Twibright Labs Links 2.1pre25; Twibright Labs Links 2.1 pre24; Twibright Labs Links 2.1 pre23; Twibright Labs Links 2.1 pre16; Twibright Labs Links 2.1; Twibright Labs Links 1.00pre12; Trustix Secure Linux 3.0; Trustix Secure Linux 2.2; Trustix Operating System Enterprise Server 2.0; S.u.S.E. Linux Professional 10.0 OSS; S.u.S.E. Linux Professional 9.3 x86_64; S.u.S.E. Linux Professional 9.3; S.u.S.E. Linux Professional 10.1; S.u.S.E. Linux Personal 10.0 OSS; S.u.S.E. Linux Personal 9.3 x86_64; S.u.S.E. Linux Personal 9.3; S.u.S.E. Linux Personal 10.1; Redhat Enterprise Linux WS 4; Redhat Enterprise Linux ES 4; Redhat Enterprise Linux AS 4; Redhat Desktop 4.0; OpenPKG OpenPKG 2.5; OpenPKG OpenPKG 2.4; OpenPKG OpenPKG 2.3; OpenPKG OpenPKG 2.2; OpenPKG OpenPKG 2.1; OpenPKG OpenPKG 2.0; OpenPKG OpenPKG Stable; OpenPKG OpenPKG E1.0-Solid; OpenPKG OpenPKG Current; OpenPKG OpenPKG 2-Stable-20061018; Mandriva Linux Mandrake 2006.0 x86_64; Mandriva Linux Mandrake 2006.0; Mandriva Linux Mandrake 2007.0 x86_64; Mandriva Linux Mandrake 2007.0; Gentoo Linux; ELinks ELinks 0.11.1; ELinks ELinks 0.10.4; Debian Linux 3.1 sparc; Debian Linux 3.1 s/390; Debian Linux 3.1 ppc; Debian Linux 3.1 mipsel; Debian Linux 3.1 mips; Debian Linux 3.1 m68k; Debian Linux 3.1 ia-64; Debian Linux 3.1 ia-32; Debian Linux 3.1 hppa; Debian Linux 3.1 arm; Debian Linux 3.1 amd64; Debian Linux 3.1 alpha; Debian Linux 3.1 |
| Not Vulnerable: | Twibright Labs Links 2.1 pre26; Twibright Labs Links 1.00pre19 |
Discussion
Links and ELinks are prone to a remote command-execution vulnerability because the applications fail to properly process website data containing 'smb' commands.
An attacker can exploit this issue to execute arbitrary 'smb' commands on a victim computer. This may help the attacker compromise the application and the underlying system; other attacks are also possible.
Links 1.00pre12 and ELinks 0.11.1 are vulnerable; other versions may also be affected.
NOTE: This vulnerability may be exploited only if 'smbclient' is installed on a target computer.
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting user to access a specially crafted webpage.
A proof-of-concept URI is available:
Solution / Fix
Solution:
The vendor has addressed this issue in versions 1.00pre19 and 2.1pre26. The vendor originally reported that this issue was corrected in version 2.1pre25, but later amended that claim, stating that version 2.1pre26 is the corrected version.
Please see the references for more information.
Twibright Labs Links 2.1
- Mandriva links-2.1-0.pre18.13.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download
- Mandriva links-2.1-0.pre18.13.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download
- Mandriva links-2.1-0.pre18.5.1.20060mdk.i586.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download
- Mandriva links-2.1-0.pre18.5.1.20060mdk.x86_64.rpm
  Mandriva Linux 2006.0/X86_64:
  http://www.mandriva.com/en/download
- Mandriva links-common-2.1-0.pre18.13.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download
- Mandriva links-common-2.1-0.pre18.13.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download
- Mandriva links-common-2.1-0.pre18.5.1.20060mdk.i586.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download
- Mandriva links-common-2.1-0.pre18.5.1.20060mdk.x86_64.rpm
  Mandriva Linux 2006.0/X86_64:
  http://www.mandriva.com/en/download
- Mandriva links-debug-2.1-0.pre18.13.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download
- Mandriva links-graphic-2.1-0.pre18.13.1mdv2007.0.i586.rpm
  Mandriva Linux 2007.0:
  http://www.mandriva.com/en/download
- Mandriva links-graphic-2.1-0.pre18.13.1mdv2007.0.x86_64.rpm
  Mandriva Linux 2007.0/X86_64:
  http://www.mandriva.com/en/download
- Mandriva links-graphic-2.1-0.pre18.5.1.20060mdk.i586.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download
- Mandriva links-graphic-2.1-0.pre18.5.1.20060mdk.x86_64.rpm
  Mandriva Linux 2006.0/X86_64:
  http://www.mandriva.com/en/download
Twibright Labs Links 1.00pre12
- Links links-1.00pre19.tar.gz
  http://artax.karlin.mff.cuni.cz/~mikulas/links/download/links-1.00pre19.tar.gz
Ubuntu Ubuntu Linux 6.06 LTS sparc
- Ubuntu elinks-lite_0.10.6-1ubuntu3.4_sparc.deb
  http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.10.6-1ubuntu3.4_sparc.deb
- Ubuntu elinks_0.10.6-1ubuntu3.4_sparc.deb
  http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.10.6-1ubuntu3.4_sparc.deb
Ubuntu Ubuntu Linux 6.06 LTS powerpc
- Ubuntu elinks-lite_0.10.6-1ubuntu3.4_powerpc.deb
  http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.10.6-1ubuntu3.4_powerpc.deb
- Ubuntu elinks_0.10.6-1ubuntu3.4_powerpc.deb
  http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.10.6-1ubuntu3.4_powerpc.deb
Twibright Labs Links 2.1 pre16
- Debian links2_2.1pre16-1sarge1_alpha.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_alpha.deb
- Debian links2_2.1pre16-1sarge1_amd64.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_amd64.deb
- Debian links2_2.1pre16-1sarge1_arm.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_arm.deb
- Debian links2_2.1pre16-1sarge1_i386.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_i386.deb
- Debian links2_2.1pre16-1sarge1_m68k.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_m68k.deb
- Debian links2_2.1pre16-1sarge1_mips.deb
  Debian 3.1 (stable)
  http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_mips.deb
Ubuntu Ubuntu Linux 6.06 LTS i386
- Ubuntu elinks-lite_0.10.6-1ubuntu3.4_i386.deb
  http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.10.6-1ubuntu3.4_i386.deb
- Ubuntu elinks_0.10.6-1ubuntu3.4_i386.deb
  http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.10.6-1ubuntu3.4_i386.deb
Ubuntu Ubuntu Linux 6.06 LTS amd64
- Ubuntu elinks-lite_0.10.6-1ubuntu3.4_amd64.deb
  http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.10.6-1ubuntu3.4_amd64.deb
- Ubuntu elinks_0.10.6-1ubuntu3.4_amd64.deb
  http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.10.6-1ubuntu3.4_amd64.deb
Twibright Labs Links 2.1pre25
- Links links-2.1pre26.tar.gz
  http://links.twibright.com/download/links-2.1pre26.tar.gz
Twibright Labs Links 2.1 pre23
- Links links-2.1pre26.tar.gz
  http://links.twibright.com/download/links-2.1pre26.tar.gz
Twibright Labs Links 2.1 pre24
- Links links-2.1pre26.tar.gz
  http://links.twibright.com/download/links-2.1pre26.tar.gz
ELinks ELinks 0.10.4
- Debian elinks-lite_0.10.4-7.1_alpha.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_alpha.deb
- Debian elinks-lite_0.10.4-7.1_amd64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_amd64.deb
- Debian elinks-lite_0.10.4-7.1_arm.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_arm.deb
- Debian elinks-lite_0.10.4-7.1_hppa.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_hppa.deb
- Debian elinks-lite_0.10.4-7.1_i386.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_i386.deb
- Debian elinks-lite_0.10.4-7.1_ia64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_ia64.deb
- Debian elinks-lite_0.10.4-7.1_m68k.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_m68k.deb
- Debian elinks-lite_0.10.4-7.1_mips.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_mips.deb
- Debian elinks-lite_0.10.4-7.1_mipsel.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_mipsel.deb
- Debian elinks-lite_0.10.4-7.1_powerpc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_powerpc.deb
- Debian elinks-lite_0.10.4-7.1_s390.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_s390.deb
- Debian elinks-lite_0.10.4-7.1_sparc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_sparc.deb
- Debian elinks_0.10.4-7.1_alpha.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_alpha.deb
- Debian elinks_0.10.4-7.1_amd64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_amd64.deb
- Debian elinks_0.10.4-7.1_arm.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_arm.deb
- Debian elinks_0.10.4-7.1_hppa.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_hppa.deb
- Debian elinks_0.10.4-7.1_i386.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_i386.deb
- Debian elinks_0.10.4-7.1_ia64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_ia64.deb
- Debian elinks_0.10.4-7.1_m68k.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_m68k.deb
- Debian elinks_0.10.4-7.1_mips.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_mips.deb
- Debian elinks_0.10.4-7.1_mipsel.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_mipsel.deb
- Debian elinks_0.10.4-7.1_powerpc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_powerpc.deb
- Debian elinks_0.10.4-7.1_s390.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_s390.deb
- Debian elinks_0.10.4-7.1_sparc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_sparc.deb
Trustix Secure Linux 2.2
- Trustix bind-9.3.4-1tr.i586.rpm
  TSL 2.2
  ftp://ftp.trustix.org/pub/trustix/updates
- Trustix bind-devel-9.3.4-1tr.i586.rpm
  TSL 2.2
  ftp://ftp.trustix.org/pub/trustix/updates
- Trustix bind-libs-9.3.4-1tr.i586.rpm
  TSL 2.2
  ftp://ftp.trustix.org/pub/trustix/updates
- Trustix bind-light-9.3.4-1tr.i586.rpm
  TSL 2.2
  ftp://ftp.trustix.org/pub/trustix/updates
- Trustix bind-light-devel-9.3.4-1tr.i586.rpm
  TSL 2.2
  ftp://ftp.trustix.org/pub/trustix/updates
- Trustix bind-utils-9.3.4-1tr.i586.rpm
  TSL 2.2
  ftp://ftp.trustix.org/pub/trustix/updates
Trustix Secure Linux 3.0
- Trustix bind-9.3.4-1tr.i586.rpm
  TSL 3.0
  ftp://ftp.trustix.org/pub/trustix/updates
- Trustix bind-devel-9.3.4-1tr.i586.rpm
  TSL 3.0
  ftp://ftp.trustix.org/pub/trustix/updates
- Trustix bind-libs-9.3.4-1tr.i586.rpm
  TSL 3.0
  ftp://ftp.trustix.org/pub/trustix/updates
- Trustix bind-light-9.3.4-1tr.i586.rpm
  TSL 3.0
  ftp://ftp.trustix.org/pub/trustix/updates
- Trustix bind-light-devel-9.3.4-1tr.i586.rpm
  TSL 3.0
  ftp://ftp.trustix.org/pub/trustix/updates
- Trustix bind-utils-9.3.4-1tr.i586.rpm
  TSL 3.0
  ftp://ftp.trustix.org/pub/trustix/updates
References
References:
- Links Homepage (Links)
- Links smbclient command execution (Teemu Salmela)
- Critical: elinks security update (RedHat)