ESB-2006.0888 -- [Debian] -- New elinks packages fix arbitrary shell command execution
Date: 06 December 2006
References: ESB-2006.0847
===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2006.0888 -- [Debian]
New elinks packages fix arbitrary shell command execution
6 December 2006
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:            elinks
Publisher:          Debian
Operating System:   Debian GNU/Linux 3.1
Impact:             Overwrite Arbitrary Files
                    Access Privileged Data
Access:             Remote/Unauthenticated
CVE Names:          CVE-2006-5925

Ref:                ESB-2006.0847

Original Bulletin:  http://www.debian.org/security/2006/dsa-1228

--------------------------BEGIN INCLUDED TEXT--------------------

--------------------------------------------------------------------------
Debian Security Advisory DSA 1228-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
December 5th, 2006                      http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : elinks
Vulnerability  : insufficient escaping
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2006-5925
Debian Bug     : 399188

Teemu Salmela discovered that the elinks character mode web browser
performs insufficient sanitising of smb:// URIs, which might lead to the
execution of arbitrary shell commands.

For the stable distribution (sarge) this problem has been fixed in
version 0.10.4-7.1.

For the upcoming stable distribution (etch) this problem has been fixed
in version 0.11.1-1.2.

For the unstable distribution (sid) this problem has been fixed in
version 0.11.1-1.2.

We recommend that you upgrade your elinks package.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
--------------------------------

These files will probably be moved into the stable distribution on
its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================