Miembros de
Boletines de Vulnerabilidades |
Vulnerabilidad en Elinks SMB protocol |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Aumento de la visibilidad |
| Dificultad | Experto |
| Requerimientos del atacante | Acceso remoto sin cuenta a un servicio exotico |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricante afectado | GNU/Linux |
| Software afectado | Elinks |
Descripción |
|
|
Se ha descubierto una vulnerabilidad en el navegador web Elinks. La vulnerabilidad reside en un error en el protocolo SMB de Elinks. Un atacante remoto podría leer o escribir archivos mediante la creación de una página web que fuese visitada por la víctima. |
|
Solución |
|
|
Actualización de software Red Hat Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ Mandriva Mandriva Linux 2006 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/links-2.1-0.pre18.5.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/links-common-2.1-0.pre18.5.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/links-graphic-2.1-0.pre18.5.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/links-2.1-0.pre18.5.1.20060mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/links-2.1-0.pre18.5.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/links-common-2.1-0.pre18.5.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/links-graphic-2.1-0.pre18.5.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/links-2.1-0.pre18.5.1.20060mdk.src.rpm Mandriva Linux 2007 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/links-2.1-0.pre18.13.1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/links-common-2.1-0.pre18.13.1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/links-graphic-2.1-0.pre18.13.1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/links-2.1-0.pre18.13.1mdv2007.0.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/links-2.1-0.pre18.13.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/links-common-2.1-0.pre18.13.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/links-debug-2.1-0.pre18.13.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/links-graphic-2.1-0.pre18.13.1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/links-2.1-0.pre18.13.1mdv2007.0.src.rpm Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux Debian Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1.dsc http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1.diff.gz http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12.orig.tar.gz Architecture independent http://security.debian.org/pool/updates/main/l/links/links-ssl_0.99+1.00pre12-1sarge1_all.deb Alpha http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_alpha.deb AMD64 http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_amd64.deb ARM http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_arm.deb HP Precision http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_hppa.deb Intel IA-32 http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_ia64.deb Motorola 680x0 http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/l/links/links_0.99+1.00pre12-1sarge1_sparc.deb Debian (DSA 1228-1) Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1.dsc http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1.diff.gz http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_alpha.deb http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_alpha.deb AMD64 http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_amd64.deb http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_amd64.deb ARM http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_arm.deb http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_arm.deb HP Precision http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_hppa.deb http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_hppa.deb Intel IA-32 http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_i386.deb http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_ia64.deb http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_ia64.deb Motorola 680x0 http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_m68k.deb http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_mips.deb http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_mipsel.deb http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_powerpc.deb http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_s390.deb http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/e/elinks/elinks_0.10.4-7.1_sparc.deb http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.10.4-7.1_sparc.deb Debian (DSA 1240-1) Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1.diff.gz http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16.orig.tar.gz http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1.dsc alpha architecture http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_alpha.deb AMD64 http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_amd64.deb ARM http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_arm.deb Intel ia32 http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_i386.deb Motorola Mc680x0 http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_m68k.deb MIPS (Big Endian) http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_mips.deb |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2006-5925 |
| BID | 21082 |
Recursos adicionales |
|
|
Red Hat Security Advisory (RHSA-2006:0742-5) https://rhn.redhat.com/errata/RHSA-2006-0742.html Mandriva Security Advisory (MDKSA-2006:216) http://www.mandriva.com/security/advisories?name=MDKSA-2006:216 SUSE Security Advisory (SUSE-SR:2006:027) http://www.novell.com/linux/security/advisories/2006_27_sr.html Debian Security Advisory (DSA 1226-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00327.html Debian Security Advisory (DSA 1228-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00329.html Debian Security Advisory (DSA 1240-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00341.html |
|
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Aviso emitido | 2006-11-16 |
| 1.1 | Aviso emitido por Mandriva (MDKSA-2006:216) | 2006-11-21 |
| 1.2 | Aviso emitido por Suse (SUSE-SR:2006:027) | 2006-11-29 |
| 1.3 | Aviso emitido por Debian (DSA 1226-1) | 2006-12-04 |
| 1.4 | Aviso emitido por Debian (DSA 1228-1) | 2006-12-07 |
| 1.5 | Aviso emitido por Debian (DSA 1240-1) | 2006-12-27 |