Get our new Windows 7 eBook (PDF) for $7 with 70+ Tips. Download Now!

Opera Command Line URL Shell Command Injection

Monday, December 12th, 2005
by Robert Glen Fogarty

No Related Post

Secunia Advisory: SA16907
Critical: Highly critical -
Impact: System access -
Where: From remote -
Solution Status: Vendor Patch -
Software: Opera 7.x, Opera 8.x

Secunia Research has discovered a vulnerability in Opera, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to the shell script used to launch Opera parsing shell commands that are enclosed within backticks in the URL provided via the command line. This can e.g. be exploited to execute arbitrary shell commands by tricking a user into following a malicious link in an external application which uses Opera as the default browser (e.g. the mail client Evolution on Red Hat Enterprise Linux 4).

This vulnerability can only be exploited on Unix / Linux based environments.

This vulnerability is a variant of: SA16869

The vulnerability has been confirmed in version 8.5 on Red Hat Enterprise Linux 4. Other versions and platforms may also be affected.

Solution: Update to version 8.51.

http://www.opera.com/download/

[Continue reading Secunia Advisory SA16907]

Tags

Categories

Linux

What Do You Think?

Posted Recently

Ba Ba BaShare Is Not Fore Sheep

GnoMenu Brings Menu Control To GNOME Users

Better MP3 Players Than The iPod?

Source Code Released - Google Chromium OS

To GIMP Or Not To GIMP

Banshee Gets New Features

SourceForge To GeekNet - Let The Confusion Commence

Weirdest Mouse Ever Built?

Is Windows 7 Really Easier To Install?

Could Skype Really Go Open Source

Microsoft Linux?

Ubuntu Five Years Later

Seeking Linux Support Over VoIP

Citibank Lives In The Past

Is Ubuntu The Defacto Windows 7 Alternative?

Adobe Likes What Now?

Is Linux It’s Own Worst Enemy?

IBM Ready To Make Ubuntu Your Default Desktop?

Red Hat Out Does Microsoft Stock Price

OpenShot Video Editor Continues To Blow Me Away

Remembering Mandriva

Eeebuntu Goes Debian

Guitarix Gives JACK Some Rock

Linux Foundation Membership Keeps On Giving

Ghosting With Clonezilla

Does Linux Attract Trolls?

WINE Is Always Better Aged

Open Source That Soda Son

Linux Audio - A History

Which Distro Has The Most Users?

Interview With Pulseaudio Creator

WebcamStudio For Desktop Broadcasting

Best Notebook For Running Linux

London’s Stock Exchange Joins NY’s With Linux

Dual Booting With Common Sense

A Friendly Reminder - Wait Before Upgrading

I Love Me Some Ear Candy!

Puppy Linux Simply Rocks

Remote Desktop From Ubuntu To XP

The $50 Netbook - Yes I Am Completely Serious

35 queries / 0.356 seconds.