Red Hat Bugzilla – Bug 215734
CVE-2006-5925 elinks smb protocol arbitrary file access
Last modified: 2007-11-30 17:11:49 EST
+++ This bug was initially created as a clone of Bug #215731 +++
A flaw has been found in the way elinks parses smb:// protocol URLs:
This flaw could allow a remote web page to read and write arbitrary files with
the permissions of the user running elinks.
The --disable-smb option has been added to FC5 and FC6 spec file (... although
this bug doesn't have impact on packages which was compiled in build roots where
is not smbclient (e.g. mock build roots).
elinks-0.11.0-2.4 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
elinks-0.11.1-5.1 has been pushed for fc6, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.