Info

Disclosure

Nov 22, 2005

Discovery

Sep 22, 2005

Dates

Exploit

Unknown

Solution

Unknown

Description

Opera contains a flaw that may allow an attacker to execute arbitrary shell commands on a users client. The issue is triggered due to the improper handling of the command line interface allowing the injection of backtick ("`") shell commands into the URL parameter, and resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 8.51 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Opera Software ASA	Opera	8.5
		8.02
		8.01
		8.00

References

Security Tracker: 1015253
Bugtraq ID: 15521
Secunia Advisory ID: 16907 17831 18111
CVE ID: 2005-3750 (see also: NVD)
VUPEN Advisory: ADV-2005-2519
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0677.html
Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Dec/0001.html
http://secunia.com/secunia_research/2005-57/
http://www.gentoo.org/security/en/glsa/glsa-200512-10.xml

Credit

Jakob Balle - jbsecunia.com - Secunia Research

Direct URL: http://osvdb.org/21003

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Opera Software ASA

Opera

References

Credit