// For flags

CVE-2006-5925

Links_ ELinks 'smbclient' - Remote Command Execution

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.

Los navegadores web Links 1.00pre12 y Elinks 0.9.2 con smbclient instalado permite a atacantes remotos ejecutar código arbitrario a través de metacaracteres del shell en un smb:// URI, como se ha demostrado mediante el uso de las sentencias PUT y GET.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-11-14 First Exploit
  • 2006-11-15 CVE Reserved
  • 2006-11-15 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (32)
URL Tag Source
http://bugzilla.elinks.cz/show_bug.cgi?id=841 X_refsource_confirm
http://marc.info/?l=full-disclosure&m=116355556512780&w=2 Mailing List
http://securitytracker.com/id?1017232 Vdb Entry
http://securitytracker.com/id?1017233 Vdb Entry
http://www.securityfocus.com/archive/1/451870/100/200/threaded Mailing List
http://www.securityfocus.com/bid/21082 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/30299 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11213 Signature
URL Date SRC
https://www.exploit-db.com/exploits/29033 2006-11-18
https://www.exploit-db.com/exploits/2784 2006-11-14
URL Date SRC
URL Date SRC
http://secunia.com/advisories/22905 2018-10-17
http://secunia.com/advisories/22920 2018-10-17
http://secunia.com/advisories/22923 2018-10-17
http://secunia.com/advisories/23022 2018-10-17
http://secunia.com/advisories/23132 2018-10-17
http://secunia.com/advisories/23188 2018-10-17
http://secunia.com/advisories/23234 2018-10-17
http://secunia.com/advisories/23389 2018-10-17
http://secunia.com/advisories/23467 2018-10-17
http://secunia.com/advisories/24005 2018-10-17
http://secunia.com/advisories/24054 2018-10-17
http://security.gentoo.org/glsa/glsa-200612-16.xml 2018-10-17
http://www.debian.org/security/2006/dsa-1228 2018-10-17
http://www.debian.org/security/2006/dsa-1240 2018-10-17
http://www.gentoo.org/security/en/glsa/glsa-200701-27.xml 2018-10-17
http://www.mandriva.com/security/advisories?name=MDKSA-2006:216 2018-10-17
http://www.novell.com/linux/security/advisories/2006_27_sr.html 2018-10-17
http://www.redhat.com/support/errata/RHSA-2006-0742.html 2018-10-17
http://www.trustix.org/errata/2007/0005 2018-10-17
https://www.debian.org/security/2006/dsa-1226 2018-10-17
https://access.redhat.com/security/cve/CVE-2006-5925 2006-11-15
https://bugzilla.redhat.com/show_bug.cgi?id=1618231 2006-11-15
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Elinks
Search vendor "Elinks"
 Elinks
Search vendor "Elinks" for product "Elinks"
 0.9.2
Search vendor "Elinks" for product "Elinks" and version "0.9.2"
-
Affected
Links
Search vendor "Links"
 Links
Search vendor "Links" for product "Links"
 1.00pre12
Search vendor "Links" for product "Links" and version "1.00pre12"
-
Affected