Links.Browser.ELinks.SMBClient.Remote.Command.Execution

Description

This indicates a possible exploit of an unauthorized command execution vulnerability in the Links and ELinks web browsers. When smbclient is installed, the vulnerability may allow remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.

Affected Products

S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 10.1
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux AS 4
RedHat Desktop 4.0
OpenPKG OpenPKG 2.5
OpenPKG OpenPKG 2.4
OpenPKG OpenPKG 2.3
OpenPKG OpenPKG 2.2
OpenPKG OpenPKG 2.1
OpenPKG OpenPKG 2.0
OpenPKG OpenPKG Stable
OpenPKG OpenPKG E1.0-Solid
OpenPKG OpenPKG Current
OpenPKG OpenPKG 2-Stable-20061018
MandrakeSoft Linux Mandrake 2006.0 x86_64
MandrakeSoft Linux Mandrake 2006.0
MandrakeSoft Linux Mandrake 2007.0 x86_64
MandrakeSoft Linux Mandrake 2007.0
Links Links 2.1pre25
Links Links 2.1 pre24
Links Links 2.1 pre23
Links Links 2.1
Links Links 1.00pre12
Gentoo Linux
ELinks ELinks 0.11.1
ELinks ELinks 0.10.4
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1

Impact

Compromise of system

Recommended Actions

The vendor has addressed this issue in versions 1.00pre19 and 2.1pre26.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-10-12 16.941 Name:Links.ELinks.SMBClient.Remote.Command.Execution:Links.Browser.ELinks.SMBClient.Remote.Command.Execution