CERT-In Vulnerability Note CIVN-2006-118
elinks SMB protocol handler vulnerability
Original Issue Date: November 16, 2006
Severity Rating: High
System Affected
elinks versions prior to 1.00pre12
Overview
elinks is a text-based console web browser for UNIX-like operating systems. It is currently the best maintained browser of this type.
Description
A vulnerability has been reported in the elinks SMB protocol handler, caused by an input validation error when accepting smb:// URIs. A remote attacker can host a malicious website and could execute smbclient commands on the affected system. As a result, any file could be read or written on the system with the privileges of the user running elinks.
Solution
Apply the appropriate patches suggested by the vendor.
References
RedHat
https://rhn.redhat.com/errata/RHSA-2006-0742.html
FULLDISC
http://marc.theaimsgroup.com/?l=fulldisclosure&m=116355556512780&w=2
CVE-Name
CVE-2006-5925
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
