
Ubuntu 6.06 LTS USN-851-1 Critical: Elinks Input Flaw Remote Code Execution

Teemu Salmela discovered that Elinks did not properly validate input when processing smb:// URLs. If a user were tricked into viewing a malicious website and had smbclient installed, a remote attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2006-5925)
==========================================================
Ubuntu Security Notice USN-851-1           October 21, 2009
elinks vulnerabilities
CVE-2006-5925, CVE-2008-7224
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  elinks                          0.10.6-1ubuntu3.4
  elinks-lite                     0.10.6-1ubuntu3.4

After a standard system upgrade you need to restart Elinks to effect
the necessary changes.

Details follow:

Teemu Salmela discovered that Elinks did not properly validate input when
processing smb:// URLs. If a user were tricked into viewing a malicious
website and had smbclient installed, a remote attacker could execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2006-5925)

Jakub Wilk discovered a logic error in Elinks, leading to a buffer
overflow. If a user were tricked into viewing a malicious website, a remote
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2008-7224)


Updated packages for Ubuntu 6.06 LTS:


Significant vulnerabilities in Elinks for Ubuntu 6.06 LTS lead to potential remote code execution and denial of service threats.
Severity
critical