
Test ID: 1.3.6.1.4.1.25623.1.0.66112
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-851-1 (elinks)
Summary: NOSUMMARY
Description:
The remote host is missing an update to elinks
announced via advisory USN-851-1.

Details follow:

Teemu Salmela discovered that Elinks did not properly validate input when
processing smb:// URLs. If a user were tricked into viewing a malicious
website and had smbclient installed, a remote attacker could execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2006-5925)

Jakub Wilk discovered a logic error in Elinks, leading to a buffer
overflow. If a user were tricked into viewing a malicious website, a remote
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2008-7224)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
elinks 0.10.6-1ubuntu3.4
elinks-lite 0.10.6-1ubuntu3.4

After a standard system upgrade you need to restart Elinks to effect
the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-851-1

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2006-5925
BugTraq ID: 21082
http://www.securityfocus.com/bid/21082
Bugtraq: 20061115 Links smbclient command execution
http://www.securityfocus.com/archive/1/451870/100/200/threaded
Debian Security Information: DSA-1226
https://www.debian.org/security/2006/dsa-1226
Debian Security Information: DSA-1228
http://www.debian.org/security/2006/dsa-1228
Debian Security Information: DSA-1240
http://www.debian.org/security/2006/dsa-1240
http://marc.info/?l=full-disclosure&m=116355556512780&w=2
http://security.gentoo.org/glsa/glsa-200612-16.xml
http://www.gentoo.org/security/en/glsa/glsa-200701-27.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:216
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11213
http://www.redhat.com/support/errata/RHSA-2006-0742.html
http://securitytracker.com/id?1017232
http://securitytracker.com/id?1017233
http://secunia.com/advisories/22905
http://secunia.com/advisories/22920
http://secunia.com/advisories/22923
http://secunia.com/advisories/23022
http://secunia.com/advisories/23132
http://secunia.com/advisories/23188
http://secunia.com/advisories/23234
http://secunia.com/advisories/23389
http://secunia.com/advisories/23467
http://secunia.com/advisories/24005
http://secunia.com/advisories/24054
SuSE Security Announcement: SUSE-SR:2006:027
http://www.novell.com/linux/security/advisories/2006_27_sr.html
http://www.trustix.org/errata/2007/0005
XForce ISS Database: links-smbclient-command-execution(30299)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30299
Common Vulnerability Exposure (CVE) ID: CVE-2008-7224
http://linuxfromscratch.org/pipermail/elinks-users/2008-February/001604.html
http://osvdb.org/41949
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10126
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

© 1998-2024 E-Soft Inc. All rights reserved.