Red Hat Bugzilla – Bug 215807
CVE-2006-5925 elinks smb protocol arbitrary file access
Last modified: 2008-08-02 19:40:34 EDT
An arbitrary file access flaw was found in the Elinks SMB protocol handler.
A malicious web page could have caused Elinks to read or write files with
the permissions of the user running Elinks. (CVE-2006-5925)
RH Announcement: https://rhn.redhat.com/errata/RHSA-2006-0742.html
Looks like this was "fixed" in RHEL4 by disabling SMB within elinks - any
objections to doing similar for FC3/FC4?
Since it turns out smb is disabled within elinks on
all RHEL versions, I think we should be safe to do the same.
I've created updated packages for FC3 and FC4 to fix this issue.
The FC3 package uses the patch from EL4.
For the FC4 package, I have simply added the "--disable-smb"
flag to the configure line in the spec. This seems cleaner
to me than creating a new patch, especially since I know
very little about automake and autoconf :)
Can we close this bug?
Sure. Legacy is no longer providing security updates, so I don't see any reason
to keep this open.