Vulnerability Description
Links web browser 1.00pre12 and Elinks 0.9.2, with smbclient installed, allow remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Elinks | Elinks | 0.9.2 |
| Links | Links | 1.00pre12 |
References
- http://bugzilla.elinks.cz/show_bug.cgi?id=841
- http://marc.info/?l=full-disclosure&m=116355556512780&w=2
- http://secunia.com/advisories/22905 (Vendor Advisory)
- http://secunia.com/advisories/22920 (Vendor Advisory)
- http://secunia.com/advisories/22923 (Vendor Advisory)
- http://secunia.com/advisories/23022 (Vendor Advisory)
- http://secunia.com/advisories/23132 (Vendor Advisory)
- http://secunia.com/advisories/23188 (Vendor Advisory)
- http://secunia.com/advisories/23234 (Vendor Advisory)
- http://secunia.com/advisories/23389 (Vendor Advisory)
- http://secunia.com/advisories/23467 (Vendor Advisory)
- http://secunia.com/advisories/24005 (Vendor Advisory)
- http://secunia.com/advisories/24054 (Vendor Advisory)
- http://security.gentoo.org/glsa/glsa-200612-16.xml
- http://securitytracker.com/id?1017232
FAQ
What is CVE-2006-5925?
CVE-2006-5925 is a vulnerability with a CVSS score of 7.5 (HIGH). Links web browser 1.00pre12 and Elinks 0.9.2, with smbclient installed, allow remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET ...
How severe is CVE-2006-5925?
CVE-2006-5925 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-5925?
Check the references section above for vendor advisories and patch information. Affected products include: Elinks Elinks, Links Links.