157028 2006-12-03 15:38 0000 www-client/links vulnerablitiy in smb:// URL handling (CVE-2006-5925) 2007-03-31 18:20:24 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://secunia.com/advisories/22905/ B3? [glsa] P2 enhancement --- 1 arthur@arthurkoziel.de security@gentoo.org mips@gentoo.org vanquirius@gentoo.org arthur@arthurkoziel.de 2006-12-03 15:38:05 0000 Hi, please bump www-client/links to pre26. In the changelog, there's also a entry about a severe security bug http://links.twibright.com/download/ChangeLog Tue Nov 28 23:13:38 MET 2006 mikulas: Fixed severe security bug: '"' and ';' in smb:// url could be used for remote command execution. Thanks! vanquirius@gentoo.org 2006-12-03 17:33:31 0000 Thanks, 2.1_pre26 in cvs. Security, I believe you take it from here :-). Cheers fauli@gentoo.org 2006-12-04 00:32:35 0000 x86 done gustavoz@gentoo.org 2006-12-04 06:27:01 0000 sparc stable. jer@gentoo.org 2006-12-04 07:38:07 0000 Stable for HPPA. grobian@gentoo.org 2006-12-04 08:54:01 0000 moved to prefix. ahf@0x90.dk 2006-12-04 09:16:33 0000 Stable on Alpha. dertobi123@gentoo.org 2006-12-04 10:24:49 0000 ppc stable corsair@gentoo.org 2006-12-04 10:44:38 0000 ppc64 stable jaervosz@gentoo.org 2006-12-05 00:47:49 0000 Correcting component. malc@gentoo.org 2006-12-05 14:20:08 0000 amd64 done vorlon@gentoo.org 2006-12-07 02:24:42 0000 hard to rate this... B3 might be closes from Secunia: Successful exploitation allows exposure of sensitive information or manipulation of data, but requires that the user visits a malicious "smb://" URL or gets redirected to such an URL by a malicious URL, and that the user has the smbclient program installed. security please vote jaervosz@gentoo.org 2006-12-07 03:34:35 0000 I tend to vote NO. How often do you use lins for smb:// stuff? frilled@gentoo.org 2006-12-07 03:42:01 0000 I guess it's not whether you would use it, but you could be enticed to use it by a malicious site. If this works for <IMG SRC="smb://..."> tags for example, you'll be screwed. (Note that I don't know whether it does, I just remember a bug like that in firefox.) Redirection will not automatically screw you, though (at least not in the default conf). I tend to vote yes. I admit it's "thin", but it's also bad ^_^ falco@gentoo.org 2006-12-10 12:51:40 0000 i vote yes... and isn't it a B2 instead of B3 ? vorlon@gentoo.org 2006-12-10 13:05:39 0000 ok, agreed... let's have a GLSA falco@gentoo.org 2006-12-15 07:56:39 0000 GLSA 200612-16 armin76@gentoo.org 2007-03-31 18:20:24 0000 ia64 done