157028 – www-client/links vulnerablitiy in smb:// URL handling (CVE-2006-5925)

Bug 157028 - www-client/links vulnerablitiy in smb:// URL handling (CVE-2006-5925)

Summary: www-client/links vulnerablitiy in smb:// URL handling (CVE-2006-5925)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High enhancement (vote)
Assignee:	Gentoo Security

URL:	http://secunia.com/advisories/22905/
Whiteboard:	B3? [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2006-12-03 15:38 UTC by Arthur Koziel
Modified:	2019-12-30 12:24 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arthur Koziel 2006-12-03 15:38:05 UTC

Hi,
please bump www-client/links to pre26.

In the changelog, there's also a entry about a severe security bug
http://links.twibright.com/download/ChangeLog

Tue Nov 28 23:13:38 MET 2006 mikulas:

	Fixed severe security bug: '"' and ';' in smb:// url could be used for
	remote command execution.

Thanks!

Comment 1 Marcelo Goes (RETIRED) gentoo-dev

2006-12-03 17:33:31 UTC

Thanks, 2.1_pre26 in cvs.
Security, I believe you take it from here :-).

Cheers

Comment 2 Christian Faulhammer (RETIRED) gentoo-dev

2006-12-04 00:32:35 UTC

x86 done

Comment 3 Gustavo Zacarias (RETIRED) gentoo-dev

2006-12-04 06:27:01 UTC

sparc stable.

Comment 4 Jeroen Roovers (RETIRED) gentoo-dev

2006-12-04 07:38:07 UTC

Stable for HPPA.

Comment 5 Fabian Groffen gentoo-dev

2006-12-04 08:54:01 UTC

moved to prefix.

Comment 6 Alexander Færøy 2006-12-04 09:16:33 UTC

Stable on Alpha.

Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev

2006-12-04 10:24:49 UTC

ppc stable

Comment 8 Markus Rothe (RETIRED) gentoo-dev

2006-12-04 10:44:38 UTC

ppc64 stable

Comment 9 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-12-05 00:47:49 UTC

Correcting component.

Comment 10 Malcolm Lashley (RETIRED) gentoo-dev

2006-12-05 14:20:08 UTC

amd64 done

Comment 11 Matthias Geerdsen (RETIRED) gentoo-dev

2006-12-07 02:24:42 UTC

hard to rate this... B3 might be closes

from Secunia:
Successful exploitation allows exposure of sensitive information or manipulation of data, but requires that the user visits a malicious "smb://" URL or gets redirected to such an URL by a malicious URL, and that the user has the smbclient program installed.

security please vote

Comment 12 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-12-07 03:34:35 UTC

I tend to vote NO. How often do you use lins for smb:// stuff?

Comment 13 Wolf Giesen (RETIRED) gentoo-dev

2006-12-07 03:42:01 UTC

I guess it's not whether you would use it, but you could be enticed to use it by a malicious site. If this works for <IMG SRC="smb://..."> tags for example, you'll be screwed. (Note that I don't know whether it does, I just remember a bug like that in firefox.) Redirection will not automatically screw you, though (at least not in the default conf).

I tend to vote yes. I admit it's "thin", but it's also bad ^_^

Comment 14 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2006-12-10 12:51:40 UTC

i vote yes... and isn't it a B2 instead of B3 ?

Comment 15 Matthias Geerdsen (RETIRED) gentoo-dev

2006-12-10 13:05:39 UTC

ok, agreed... let's have a GLSA

Comment 16 Raphael Marichez (Falco) (RETIRED) gentoo-dev

2006-12-15 07:56:39 UTC

GLSA 200612-16

Comment 17 Raúl Porcel (RETIRED) gentoo-dev

2007-03-31 18:20:24 UTC

ia64 done