Advisories
Vulnerability Database
PoC
Viruses
Research Lab
Mandriva

[ MDKSA-2006:216 ] - Updated links packages fix smb vulnerability

27 november, 2006

----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:216
http://www.mandriva.com/security/
_______________________________________________________________________

Package : links
Date : November 20, 2006
Affected: 2006.0, 2007.0
_______________________________________________________________________

Problem Description:

The links web browser with smbclient installed allows remote attackers
to execute arbitrary code via shell metacharacters in an smb:// URI, as
demonstrated by using PUT and GET statements.

Corporate 3.0 is not affected by this issue, as that version of links
does not have smb:// URI support.

Updated packages have disabled access to smb:// URIs.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5925
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
ea08f62d39a09dea86b7d1a5cb51e327 2006.0/i586/links-2.1-0.pre18.5.1.20060mdk.i586.rpm
adbcd46c1caf25846b7ff382ac6eee7d 2006.0/i586/links-common-2.1-0.pre18.5.1.20060mdk.i586.rpm
e87b887c09df5e888c097766e7ec619c 2006.0/i586/links-graphic-2.1-0.pre18.5.1.20060mdk.i586.rpm
ee822254533bf4719ee94223161b7de0 2006.0/SRPMS/links-2.1-0.pre18.5.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
796b482155ea5ab249bbe1baabcdd419 2006.0/x86_64/links-2.1-0.pre18.5.1.20060mdk.x86_64.rpm
5f897e5f5d1c712b547bce7fdb7b61d4 2006.0/x86_64/links-common-2.1-0.pre18.5.1.20060mdk.x86_64.rpm
93e5c42924fcafb2fc121c0d69b7f398 2006.0/x86_64/links-graphic-2.1-0.pre18.5.1.20060mdk.x86_64.rpm
ee822254533bf4719ee94223161b7de0 2006.0/SRPMS/links-2.1-0.pre18.5.1.20060mdk.src.rpm

Mandriva Linux 2007.0:
27f5da60ae0072b509e17326146922c1 2007.0/i586/links-2.1-0.pre18.13.1mdv2007.0.i586.rpm
b4dac2435e4622cabf537c4df1749d83 2007.0/i586/links-common-2.1-0.pre18.13.1mdv2007.0.i586.rpm
d33ab06111f877fbccb8f85ceb4044af 2007.0/i586/links-graphic-2.1-0.pre18.13.1mdv2007.0.i586.rpm
04961b71a4a04032a6e335dcaf91aa9d 2007.0/SRPMS/links-2.1-0.pre18.13.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
fe702c658fd4b931c8c79efd9c77010b 2007.0/x86_64/links-2.1-0.pre18.13.1mdv2007.0.x86_64.rpm
5d8d03edf4217e9d3a6ab7f006c5613a 2007.0/x86_64/links-common-2.1-0.pre18.13.1mdv2007.0.x86_64.rpm
e1c5effc08dfbc2e2c8b1bc351f4ea50 2007.0/x86_64/links-debug-2.1-0.pre18.13.1mdv2007.0.x86_64.rpm
8fd02e550d5310ae74e48f002d7da45b 2007.0/x86_64/links-graphic-2.1-0.pre18.13.1mdv2007.0.x86_64.rpm
04961b71a4a04032a6e335dcaf91aa9d 2007.0/SRPMS/links-2.1-0.pre18.13.1mdv2007.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFYfQXmqjQ0CJFipgRApBLAKDIO3FYiF5JM4CRiigwGYFc/0fjAgCgrJRq
gvRXQIbTpwd2RXYsDXrHt8I=
=ROqA
-----END PGP SIGNATURE-----
Search
National Vulnerability Database

CVE-2010-3197

IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors.

31 august, 2010

CVE-2010-3196

IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view.

31 august, 2010

CVE-2010-3195

Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration."

31 august, 2010

CVE-2010-3194

The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner.

31 august, 2010

CVE-2010-3193

Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors.

31 august, 2010

CVE-2010-2365

Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs2 before 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

31 august, 2010

CVE-2010-2364

Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs before 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

31 august, 2010

CVE-2010-3191

Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in ...

31 august, 2010

CVE-2010-3190

Untrusted search path vulnerability in ATL MFC Trace Tool (AtlTraceT ool8.exe), as used in Microsoft Visual Studio, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ...

31 august, 2010

CVE-2010-3189

The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCt rl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer.

31 august, 2010

ÐîÑ

Microsoft Windows XP Indeo Filter DLL Hijacking PoC

Target: Microsoft Windows XP
Impact: Code execution

avast! <= 5.0.594 license files DLL Hijacking Exploit (mfc90loc.dll)

Target: avast! 5.0.594 and previous versions
Impact: Code execution

Windows Live Mail DLL Hijacking Exploit (dwmapi.dll)

Target: Windows Live Mail
Impact: Code execution

AdvertismentAbout ProjectContact UsCopyrightExportRSSMy SettingsMap