Mandrake Linux Security Advisory : links (MDKSA-2006:216)
High Nessus Plugin ID 24601
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionThe links web browser with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
Corporate 3.0 is not affected by this issue, as that version of links does not have smb:// URI support.
Updated packages have disabled access to smb:// URIs.
SolutionUpdate the affected packages.