tags 399187 patch
kthxbye

On Sat, Nov 18, 2006 at 12:59:57 +0100, Stefan Fritsch wrote:
> A vulnerability has been found in links:
> Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed
> allows remote attackers to execute arbitrary code via shell
> metacharacters in an smb:// URI, as demonstrated by using PUT and GET
> statements.
>

Hi,

the attached patch disables smb support in links and thus fixes this issue.

Cheers,
Julien
diff -u links-0.99+1.00pre12/debian/changelog
links-0.99+1.00pre12/debian/changelog
--- links-0.99+1.00pre12/debian/changelog
+++ links-0.99+1.00pre12/debian/changelog
@@ -1,3 +1,12 @@
+links (0.99+1.00pre12-1.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * High-urgency for security bug fix.
+ * Build without smb support to fix security issue (CVE-2006-5925),
+ closes: #399187.
+
+ -- Julien Cristau <[EMAIL PROTECTED]> Mon, 27 Nov 2006 02:03:42 +0100
+
links (0.99+1.00pre12-1) unstable; urgency=low
* New upstream version 1.00pre12 (closes: #240059).
diff -u links-0.99+1.00pre12/debian/rules links-0.99+1.00pre12/debian/rules
--- links-0.99+1.00pre12/debian/rules
+++ links-0.99+1.00pre12/debian/rules
@@ -17,6 +17,8 @@
cat http.c | sed -e "s/@@PKGVERSION@@/${PKGVER}/" >
http.c.versioned ; \
mv http.c http.c.unchanged ; mv http.c.versioned http.c ; \
fi
+ # make sure Makefile.in is newer than Makefile.am
+ touch Makefile.in
./configure --without-ssl --prefix=/usr --mandir=\$${prefix}/share/man
# Add here commands to compile the package.
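Review bot: The comment above the added `touch Makefile.in` says what the command does but not why, so a later maintainer could drop it as noise. This patch edits both Makefile.am and Makefile.in by hand, so the touch presumably exists to stop make from trying to regenerate Makefile.in with automake during the build. I would say so in the comment, e.g. `# Makefile.am and Makefile.in are both patched to drop smb.c; keep make from re-running automake`. The enclosing rule starts and ends outside this hunk, so I cannot see whether a later step changes either timestamp again.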
only in patch2:
unchanged:
--- links-0.99+1.00pre12.orig/links.h
+++ links-0.99+1.00pre12/links.h
@@ -957,7 +957,7 @@
/* smb.c */
-void smb_func(struct connection *);
+/* void smb_func(struct connection *); */
/* mailto.c */
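Review bot: The smb_func prototype is commented out with no reason given, which leaves dead text that reads like an accident and invites someone to restore it. Either delete the line or replace it with a comment that records the decision, e.g. `/* smb.c is not built: smb:// support removed for CVE-2006-5925 */`. As far as this patch shows, smb.c itself stays in the source tree with the defect unfixed, so the header is a reasonable place to warn against wiring it back in unchanged.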
only in patch2:
unchanged:
--- links-0.99+1.00pre12.orig/Makefile.am
+++ links-0.99+1.00pre12/Makefile.am
@@ -8,7 +8,7 @@
EXTRA_DIST=$(man_MANS) Unicode/* intl/* config2.h Makefile.gen BUGS TODO SITES
mailcap.pl wipe-out-ssl wipe-out-ssl.awk
bin_PROGRAMS=links
-links_SOURCES=af_unix.c beos.c bfu.c bookmarks.c cache.c charsets.c connect.c
cookies.c default.c dns.c error.c file.c finger.c ftp.c html.c html_r.c
html_tbl.c http.c https.c kbd.c kbdbind.c language.c mailto.c main.c menu.c
os_dep.c sched.c select.c session.c smb.c terminal.c types.c url.c view.c
win32.c links.h os_dep.h os_depx.h setup.h codepage.h language.h codepage.inc
entity.inc uni_7b.inc language.inc rebuild rebuild.cmd
+links_SOURCES=af_unix.c beos.c bfu.c bookmarks.c cache.c charsets.c connect.c
cookies.c default.c dns.c error.c file.c finger.c ftp.c html.c html_r.c
html_tbl.c http.c https.c kbd.c kbdbind.c language.c mailto.c main.c menu.c
os_dep.c sched.c select.c session.c terminal.c types.c url.c view.c win32.c
links.h os_dep.h os_depx.h setup.h codepage.h language.h codepage.inc
entity.inc uni_7b.inc language.inc rebuild rebuild.cmd
datadir = $(prefix)/@DATADIRNAME@
LIBS = @LIBS@
only in patch2:
unchanged:
--- links-0.99+1.00pre12.orig/Makefile.in
+++ links-0.99+1.00pre12/Makefile.in
@@ -72,7 +72,7 @@
EXTRA_DIST = $(man_MANS) Unicode/* intl/* config2.h Makefile.gen BUGS TODO
SITES mailcap.pl wipe-out-ssl wipe-out-ssl.awk
bin_PROGRAMS = links
-links_SOURCES = af_unix.c beos.c bfu.c bookmarks.c cache.c charsets.c
connect.c cookies.c default.c dns.c error.c file.c finger.c ftp.c html.c
html_r.c html_tbl.c http.c https.c kbd.c kbdbind.c language.c mailto.c main.c
menu.c os_dep.c sched.c select.c session.c smb.c terminal.c types.c url.c
view.c win32.c links.h os_dep.h os_depx.h setup.h codepage.h language.h
codepage.inc entity.inc uni_7b.inc language.inc rebuild rebuild.cmd
+links_SOURCES = af_unix.c beos.c bfu.c bookmarks.c cache.c charsets.c
connect.c cookies.c default.c dns.c error.c file.c finger.c ftp.c html.c
html_r.c html_tbl.c http.c https.c kbd.c kbdbind.c language.c mailto.c main.c
menu.c os_dep.c sched.c select.c session.c terminal.c types.c url.c view.c
win32.c links.h os_dep.h os_depx.h setup.h codepage.h language.h codepage.inc
entity.inc uni_7b.inc language.inc rebuild rebuild.cmd
datadir = $(prefix)/@DATADIRNAME@
LIBS = @LIBS@
@@ -89,7 +89,7 @@
links_OBJECTS = af_unix.o beos.o bfu.o bookmarks.o cache.o charsets.o \
connect.o cookies.o default.o dns.o error.o file.o finger.o ftp.o \
html.o html_r.o html_tbl.o http.o https.o kbd.o kbdbind.o language.o \
-mailto.o main.o menu.o os_dep.o sched.o select.o session.o smb.o \
+mailto.o main.o menu.o os_dep.o sched.o select.o session.o \
terminal.o types.o url.o view.o win32.o
links_LDADD = $(LDADD)
links_DEPENDENCIES =
only in patch2:
unchanged:
--- links-0.99+1.00pre12.orig/url.c
+++ links-0.99+1.00pre12/url.c
@@ -16,7 +16,6 @@
{"proxy", 3128, proxy_func, NULL, 0, 1, 1, 1},
{"ftp", 21, ftp_func, NULL, 0, 1, 1, 0},
{"finger", 79, finger_func, NULL, 0, 1, 1, 0},
- {"smb", 139, smb_func, NULL, 0, 1, 1, 0},
{"mailto", 0, NULL, mailto_func, 0, 0, 0, 0},
{"telnet", 0, NULL, telnet_func, 0, 0, 0, 0},
{"tn3270", 0, NULL, tn3270_func, 0, 0, 0, 0},
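Review bot: Dropping the `smb` row from this protocol table appears to remove the route to smb_func, but nothing at the table records why the scheme is missing or that smb.c must not be re-added as it stands. I would leave a comment in its place, e.g. `/* "smb" removed: shell metacharacters in smb:// URIs reached smbclient (CVE-2006-5925) */`. The table and the code that looks a scheme up in it both lie outside this hunk, so it is worth confirming that an smb:// URL now ends in the ordinary unknown-protocol error rather than in some fallback handler. A regression check that loads an smb:// URL and expects that error would keep the scheme from coming back unnoticed.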
signature.asc
Description: Digital signature

