Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 155358 - www-client/elinks arbitrary file access flaw was found in the SMB protocol handler (CVE-2006-5925)
Summary: www-client/elinks arbitrary file access flaw was found in the SMB protocol ha...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://rhn.redhat.com/errata/RHSA-200...
Whiteboard: B2?? [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2006-11-16 07:16 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2007-02-10 18:57 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-11-16 07:16:44 UTC
An arbitrary file access flaw was found in the Elinks SMB protocol handler. 
A malicious web page could have caused Elinks to read or write files with 
the permissions of the user running Elinks. (CVE-2006-5925)
Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2006-11-18 11:26:04 UTC
http://marc.theaimsgroup.com/?l=full-disclosure&m=116355556512780&w=2
http://secunia.com/advisories/22920/

upstream bug: http://bugzilla.elinks.cz/show_bug.cgi?id=841

perhaps patches could be extracted from RH update, that was for an older version though, maybe someone could check that out
Comment 2 Matt Drew (RETIRED) gentoo-dev 2006-11-21 04:18:05 UTC
Red Hat "fixed" the problem by disabling smb support:

http://rhn.redhat.com/errata/RHSA-2006-0742.html

So did the guy working on the vulnerability in the elinks bugzilla.  The bug to watch for the fix is apparently:

http://bugzilla.elinks.cz/show_bug.cgi?id=844

Comment 3 Matthias Geerdsen (RETIRED) gentoo-dev 2007-01-22 19:58:44 UTC
this appears to have been "fixed" in 0.11.2 by disabling SMB support

http://pasky.or.cz/gitweb.cgi?p=elinks.git;a=commitdiff;h=6f14725204fdd0a5f5a054ad7ab7340cd1ce27cb

Bug 841, CVE-2006-5925: Prevent enabling the SMB protocol.
src/protocol/smb/smb.c: Added #error directives so that this
vulnerable code cannot be accidentally compiled in.

features.conf: Disable CONFIG_SMB by default and explain why.

configure.in: If the user set CONFIG_SMB in features.conf or
--enable-smb in the command line, disable them and warn the user.

____

since the ebuild is in the tree already and stable on several arches, we should go on marking it stable for the others too...

www-client/elinks-0.11.2

current KEYWORDS="alpha ~amd64 ~hppa ~mips ~ppc ~ppc64 sparc ~x86 ~x86-fbsd"
target KEYWORDS="alpha amd64 hppa ~mips ppc ppc64 sparc x86 ~x86-fbsd"
Comment 4 Raúl Porcel (RETIRED) gentoo-dev 2007-01-22 21:19:08 UTC
x86 stable
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2007-01-23 03:59:49 UTC
Stable for HPPA.
Comment 6 Steve Dibb (RETIRED) gentoo-dev 2007-01-23 09:55:10 UTC
removed the samba use flag

and amd64 stable.
Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev 2007-01-23 20:38:34 UTC
ppc stable
Comment 8 Markus Rothe (RETIRED) gentoo-dev 2007-01-27 09:49:47 UTC
ppc64 stable. sorry for being late
Comment 9 Matthias Geerdsen (RETIRED) gentoo-dev 2007-01-27 10:46:03 UTC
we issued GLSA 200612-16, so we should have one for links too...
Comment 10 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-02-10 18:57:54 UTC
old GLSA 200701-27