CVE-2006-5925 - Vulnerability Details

Description

Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.

Published: 2006-11-15

Score: 7.5 High

EPSS: 33.2% Moderate

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:elinks:elinks:0.9.2:::::::*
	cpe:2.3:a:links:links:1.00pre12:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 4
elinks-0:0.9.2-3.3	cpe:/o:redhat:enterprise_linux:4	RHSA-2006:0742	2006-11-15T00:00:00Z

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DSA	DSA-1226-1	New links packages fix arbitrary shell command execution
Debian DSA	DSA-1228-1	New elinks packages fix arbitrary shell command execution
Debian DSA	DSA-1240-1	New links2 packages fix arbitrary shell command execution
Ubuntu USN	USN-851-1	Elinks vulnerabilities

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.33207.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://bugzilla.elinks.cz/show_bug.cgi?id=841
http://marc.info/?l=full-disclosure&m=116355556512780&w=2
http://secunia.com/advisories/22905
http://secunia.com/advisories/22920
http://secunia.com/advisories/22923
http://secunia.com/advisories/23022
http://secunia.com/advisories/23132
http://secunia.com/advisories/23188
http://secunia.com/advisories/23234
http://secunia.com/advisories/23389
http://secunia.com/advisories/23467
http://secunia.com/advisories/24005
http://secunia.com/advisories/24054
http://security.gentoo.org/glsa/glsa-200612-16.xml
http://securitytracker.com/id?1017232
http://securitytracker.com/id?1017233
http://www.debian.org/security/2006/dsa-1228
http://www.debian.org/security/2006/dsa-1240
http://www.gentoo.org/security/en/glsa/glsa-200701-27.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:216
http://www.novell.com/linux/security/advisories/2006_27_sr.html
http://www.redhat.com/support/errata/RHSA-2006-0742.html
http://www.securityfocus.com/archive/1/451870/100/200/threaded
http://www.securityfocus.com/bid/21082
http://www.trustix.org/errata/2007/0005
https://exchange.xforce.ibmcloud.com/vulnerabilities/30299
https://nvd.nist.gov/vuln/detail/CVE-2006-5925
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11213
https://www.cve.org/CVERecord?id=CVE-2006-5925
https://www.debian.org/security/2006/dsa-1226

History

No history.

Subscriptions

Elinks Elinks

Links Links

Redhat Enterprise Linux

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2006-11-15T19:00:00.000Z

Updated: 2024-08-07T20:12:30.612Z

Reserved: 2006-11-15T00:00:00.000Z

Link: CVE-2006-5925

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-11-15T19:07:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-5925

Redhat

Severity : Critical

Publid Date: 2006-11-15T01:51:00Z

Links: CVE-2006-5925 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-Other

Tracking

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object