CVE-2006-5925
links2
EPSS 33.2%
Description
Links web browser 1.00pre12 and Elinks 0.9.2, when smbclient is installed, allow remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
How to fix CVE-2006-5925
To remediate CVE-2006-5925, upgrade the affected package to one of the fixed versions listed below.
- Debian/elinks—upgrade to 0.11.1-1.2 or later
- Debian/elinks—upgrade to 0.10.4-7.1 or later
- Debian/links—upgrade to 0.99+1.00pre12-1sarge1 or later
- Debian/links2—upgrade to 2.1pre25-2 or later
- —upgrade to 2.1pre16-1sarge1 or later
Is CVE-2006-5925 being exploited?
Moderate: EPSS is 33.2%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (5)
- from 0, < 0.11.1-1.2
- from 0, < 0.10.4-7.1
- from 0, < 0.99+1.00pre12-1sarge1
- from 0, < 2.1pre25-2
- from 0, < 2.1pre16-1sarge1