ðòïåëôù 


  áòèé÷ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  óôáôøé 


  ðåòóïîáìøîïå 


  ðòïçòáííù 



ðéûéôå
ðéóøíá














     áòèé÷ :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA16907] Opera Command Line URL Shell Command Injection



> 
> 
> TITLE:
> Opera Command Line URL Shell Command Injection
> 
> SECUNIA ADVISORY ID:
> SA16907
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/16907/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Opera 8.x
> http://secunia.com/product/4932/
> Opera 7.x
> http://secunia.com/product/761/
> 
> DESCRIPTION:
> Secunia Research has discovered a vulnerability in Opera, which can
> be exploited by malicious people to compromise a user's system.
> 
> The vulnerability is caused due to the shell script used to launch
> Opera parsing shell commands that are enclosed within backticks in
> the URL provided via the command line. This can e.g. be exploited to
> execute arbitrary shell commands by tricking a user into following a
> malicious link in an external application which uses Opera as the
> default browser (e.g. the mail client Evolution on Red Hat Enterprise
> Linux 4).
> 
> This vulnerability can only be exploited on Unix / Linux based
> environments.
> 
> This vulnerability is a variant of:
> SA16869
> 
> The vulnerability has been confirmed in version 8.5 on Red Hat
> Enterprise Linux 4. Other versions and platforms may also be
> affected.
> 
> SOLUTION:
> Update to version 8.51.
> http://www.opera.com/download/
> 
> PROVIDED AND/OR DISCOVERED BY:
> Originally discovered by:
> Peter Zelezny
> 
> Discovered in Opera by:
> Jakob Balle, Secunia Research
> 
> ORIGINAL ADVISORY:
> http://secunia.com/secunia_research/2005-57/




 




Copyright © Lexa Software, 1996-2009.