Debian Bug report logs -
#399187
CVE-2006-5925: Links "smb" Protocol File Upload/Download Vulnerability
Reported by: Stefan Fritsch <sf@sfritsch.de>
Date: Sat, 18 Nov 2006 12:03:06 UTC
Severity: grave
Tags: patch, security
Fixed in version links/0.99+1.00pre12-1.1
Done: Julien Cristau <julien.cristau@ens-lyon.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Peter Gervai <grin@tolna.net>:
Bug#399187; Package links.
(full text, mbox, link).
Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Peter Gervai <grin@tolna.net>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
package: links
severity: grave
tags: security
A vulnerability has been found in links:
Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed
allows remote attackers to execute arbitrary code via shell
metacharacters in an smb:// URI, as demonstrated by using PUT and GET
statements.
See http://secunia.com/advisories/22905
Please mention the CVE id in the changelog.
[Message part 2 (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Peter Gervai <grin@tolna.net>:
Bug#399187; Package links.
(full text, mbox, link).
Acknowledgement sent to Julien Cristau <julien.cristau@ens-lyon.org>:
Extra info received and forwarded to list. Copy sent to Peter Gervai <grin@tolna.net>.
(full text, mbox, link).
Message #10 received at 399187@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
tags 399187 patch
kthxbye
On Sat, Nov 18, 2006 at 12:59:57 +0100, Stefan Fritsch wrote:
> A vulnerability has been found in links:
> Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed
> allows remote attackers to execute arbitrary code via shell
> metacharacters in an smb:// URI, as demonstrated by using PUT and GET
> statements.
>
Hi, the attached patch disables smb support in links and thus fixes this
issue.
Cheers,
Julien
[links-CVE-2006-5925.diff (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]
Tags added: patch
Request was from Julien Cristau <julien.cristau@ens-lyon.org>
to control@bugs.debian.org.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Peter Gervai <grin@tolna.net>:
Bug#399187; Package links.
(full text, mbox, link).
Acknowledgement sent to Julien Cristau <julien.cristau@ens-lyon.org>:
Extra info received and forwarded to list. Copy sent to Peter Gervai <grin@tolna.net>.
(full text, mbox, link).
Message #17 received at 399187@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi,
do the security@ people have a DSA in preparation for links and/or
elinks for CVE-2006-5925, or should I prepare a patch for the stable
versions too?
Cheers,
Julien
[signature.asc (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Peter Gervai <grin@tolna.net>:
Bug#399187; Package links.
(full text, mbox, link).
Acknowledgement sent to Martin Schulze <joey@infodrom.org>:
Extra info received and forwarded to list. Copy sent to Peter Gervai <grin@tolna.net>.
(full text, mbox, link).
Message #22 received at 399187@bugs.debian.org (full text, mbox, reply):
Julien Cristau wrote:
> Hi,
>
> do the security@ people have a DSA in preparation for links and/or
> elinks for CVE-2006-5925, or should I prepare a patch for the stable
> versions too?
As far as I know, no. Please prepare an update.
Regards,
Joey
--
Given enough thrust pigs will fly, but it's not necessarily a good idea.
Please always Cc to me when replying to me on the lists.
Reply sent to Julien Cristau <julien.cristau@ens-lyon.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #27 received at 399187-close@bugs.debian.org (full text, mbox, reply):
Source: links
Source-Version: 0.99+1.00pre12-1.1
We believe that the bug you reported is fixed in the latest version of
links, which is due to be installed in the Debian FTP archive:
links-ssl_0.99+1.00pre12-1.1_all.deb
to pool/main/l/links/links-ssl_0.99+1.00pre12-1.1_all.deb
links_0.99+1.00pre12-1.1.diff.gz
to pool/main/l/links/links_0.99+1.00pre12-1.1.diff.gz
links_0.99+1.00pre12-1.1.dsc
to pool/main/l/links/links_0.99+1.00pre12-1.1.dsc
links_0.99+1.00pre12-1.1_i386.deb
to pool/main/l/links/links_0.99+1.00pre12-1.1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 399187@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Julien Cristau <julien.cristau@ens-lyon.org> (supplier of updated links package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 27 Nov 2006 02:03:42 +0100
Source: links
Binary: links-ssl links
Architecture: source i386 all
Version: 0.99+1.00pre12-1.1
Distribution: unstable
Urgency: high
Maintainer: Peter Gervai <grin@tolna.net>
Changed-By: Julien Cristau <julien.cristau@ens-lyon.org>
Description:
links - Character mode WWW browser
links-ssl - Dummy package for transition to elinks
Closes: 399187
Changes:
links (0.99+1.00pre12-1.1) unstable; urgency=high
.
* Non-maintainer upload.
* High-urgency for security bug fix.
* Build without smb support to fix security issue (CVE-2006-5925),
closes: #399187.
Files:
74482d69fb9989046bc8be23a3daf4e2 620 web extra links_0.99+1.00pre12-1.1.dsc
32fa0a2fab0c54b14d0a519a7f8d90e2 8708 web extra links_0.99+1.00pre12-1.1.diff.gz
9ad476ce7ec069e3667617d0516c6beb 5366 oldlibs extra links-ssl_0.99+1.00pre12-1.1_all.deb
6e5712b82beaaaba19cc5ae28c082f80 377316 web extra links_0.99+1.00pre12-1.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFarpmOU3FkQ7XBOoRAlt7AKCZfIGmAaUsD4nxVCo79d7dqWtOEACfUqmf
02hm9LVoVFGZsaXro3k/Rjk=
=eN0Q
-----END PGP SIGNATURE-----
Information forwarded to debian-bugs-dist@lists.debian.org, Peter Gervai <grin@tolna.net>:
Bug#399187; Package links.
(full text, mbox, link).
Acknowledgement sent to Julien Cristau <julien.cristau@ens-lyon.org>:
Extra info received and forwarded to list. Copy sent to Peter Gervai <grin@tolna.net>.
(full text, mbox, link).
Message #32 received at 399187@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On Mon, Nov 27, 2006 at 11:35:07 +0100, Martin Schulze wrote:
> Julien Cristau wrote:
> > Hi,
> >
> > do the security@ people have a DSA in preparation for links and/or
> > elinks for CVE-2006-5925, or should I prepare a patch for the stable
> > versions too?
>
> As far as I know, no. Please prepare an update.
>
I have source packages ready at:
http://www.liafa.jussieu.fr/~jcristau/debian/CVE-2006-5925/links_0.99+1.00pre12-1sarge1.dsc
http://www.liafa.jussieu.fr/~jcristau/debian/CVE-2006-5925/elinks_0.10.4-7.1.dsc
Please find the debdiffs attached to this mail.
Let me know if you want me to have them uploaded.
Cheers,
Julien
[links_0.99+1.00pre12-1sarge1.debdiff (text/plain, attachment)]
[elinks_0.10.4-7.1.debdiff (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Peter Gervai <grin@tolna.net>:
Bug#399187; Package links.
(full text, mbox, link).
Acknowledgement sent to Julien Cristau <julien.cristau@ens-lyon.org>:
Extra info received and forwarded to list. Copy sent to Peter Gervai <grin@tolna.net>.
(full text, mbox, link).
Message #37 received at 399187@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On Mon, Nov 27, 2006 at 02:25:32 +0100, Julien Cristau wrote:
> Hi, the attached patch disables smb support in links and thus fixes this
> issue.
>
An NMU has been uploaded today with the patch I attached to my previous
mail.
Cheers,
Julien
[signature.asc (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Peter Gervai <grin@tolna.net>:
Bug#399187; Package links.
(full text, mbox, link).
Acknowledgement sent to Mikko Rapeli <mikko.rapeli@iki.fi>:
Extra info received and forwarded to list. Copy sent to Peter Gervai <grin@tolna.net>.
(full text, mbox, link).
Message #42 received at 399187@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hello,
On Mon, Nov 27, 2006 at 12:09:56PM +0100, Julien Cristau wrote:
> On Mon, Nov 27, 2006 at 11:35:07 +0100, Martin Schulze wrote:
>
> > Julien Cristau wrote:
> > > Hi,
> > >
> > > do the security@ people have a DSA in preparation for links and/or
> > > elinks for CVE-2006-5925, or should I prepare a patch for the stable
> > > versions too?
> >
> > As far as I know, no. Please prepare an update.
> >
> I have source packages ready at:
> http://www.liafa.jussieu.fr/~jcristau/debian/CVE-2006-5925/links_0.99+1.00pre12-1sarge1.dsc
> http://www.liafa.jussieu.fr/~jcristau/debian/CVE-2006-5925/elinks_0.10.4-7.1.dsc
links2 is vulnerable too. The links patch needed a tweak for links2
but result is attached.
-Mikko
[links2_sarge_disable_smb_01.txt (text/plain, attachment)]
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Wed, 27 Jun 2007 00:07:36 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 14:50:05 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon