
Test ID: 1.3.6.1.4.1.25623.1.0.66112
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-851-1 (elinks)
Summary: NOSUMMARY
Description:
The remote host is missing an update to elinks
announced via advisory USN-851-1.

Details follow:

Teemu Salmela discovered that Elinks did not properly validate input when
processing smb:// URLs. If a user were tricked into viewing a malicious
website and had smbclient installed, a remote attacker could execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2006-5925)

Jakub Wilk discovered a logic error in Elinks, leading to a buffer
overflow. If a user were tricked into viewing a malicious website, a remote
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2008-7224)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
elinks 0.10.6-1ubuntu3.4
elinks-lite 0.10.6-1ubuntu3.4

After a standard system upgrade you need to restart Elinks to effect
the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-851-1

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-5925
BugTraq ID: 21082
http://www.securityfocus.com/bid/21082
Bugtraq: 20061115 Links smbclient command execution
http://www.securityfocus.com/archive/1/451870/100/200/threaded
Debian Security Information: DSA-1226
https://www.debian.org/security/2006/dsa-1226
Debian Security Information: DSA-1228
http://www.debian.org/security/2006/dsa-1228
Debian Security Information: DSA-1240
http://www.debian.org/security/2006/dsa-1240
http://marc.info/?l=full-disclosure&m=116355556512780&w=2
http://security.gentoo.org/glsa/glsa-200612-16.xml
http://www.gentoo.org/security/en/glsa/glsa-200701-27.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:216
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11213
http://www.redhat.com/support/errata/RHSA-2006-0742.html
http://securitytracker.com/id?1017232
http://securitytracker.com/id?1017233
http://secunia.com/advisories/22905
http://secunia.com/advisories/22920
http://secunia.com/advisories/22923
http://secunia.com/advisories/23022
http://secunia.com/advisories/23132
http://secunia.com/advisories/23188
http://secunia.com/advisories/23234
http://secunia.com/advisories/23389
http://secunia.com/advisories/23467
http://secunia.com/advisories/24005
http://secunia.com/advisories/24054
SuSE Security Announcement: SUSE-SR:2006:027
http://www.novell.com/linux/security/advisories/2006_27_sr.html
http://www.trustix.org/errata/2007/0005
XForce ISS Database: links-smbclient-command-execution(30299)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30299
Common Vulnerability Exposure (CVE) ID: CVE-2008-7224
http://linuxfromscratch.org/pipermail/elinks-users/2008-February/001604.html
http://osvdb.org/41949
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10126
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
