[elinks-dev] Re: CVE-2006-5925 in ELinks bugzilla
Steven M. Christey
coley at linus.mitre.org
Mon Nov 20 12:36:28 MST 2006
Hello,

I agree, it's a good idea to add this to the references. It's been added
as a "CONFIRM" reference and will be on the CVE web site later today.

Regards,
Steve Christey
CVE Editor

======================================================
Name: CVE-2006-5925
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5925
Reference: FULLDISC:20061115 Links smbclient command execution
Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=116355556512780&w=2
Reference: CONFIRM:http://bugzilla.elinks.cz/show_bug.cgi?id=841
Reference: REDHAT:RHSA-2006:0742
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0742.html
Reference: SECTRACK:1017232
Reference: URL:http://securitytracker.com/id?1017232
Reference: SECTRACK:1017233
Reference: URL:http://securitytracker.com/id?1017233
Reference: SECUNIA:22905
Reference: URL:http://secunia.com/advisories/22905
Reference: SECUNIA:22920
Reference: URL:http://secunia.com/advisories/22920
Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed
allows remote attackers to execute arbitrary code via shell
metacharacters in an smb:// URI, as demonstrated by using PUT and GET
statements.