[security-alerts] FW: [SA16907] Opera Command Line URL Shell Command Injection

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> 
> 
> TITLE:
> Opera Command Line URL Shell Command Injection
> 
> SECUNIA ADVISORY ID:
> SA16907
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/16907/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Opera 8.x
> http://secunia.com/product/4932/
> Opera 7.x
> http://secunia.com/product/761/
> 
> DESCRIPTION:
> Secunia Research has discovered a vulnerability in Opera, which can
> be exploited by malicious people to compromise a user's system.
> 
> The vulnerability is caused due to the shell script used to launch
> Opera parsing shell commands that are enclosed within backticks in
> the URL provided via the command line. This can e.g. be exploited to
> execute arbitrary shell commands by tricking a user into following a
> malicious link in an external application which uses Opera as the
> default browser (e.g. the mail client Evolution on Red Hat Enterprise
> Linux 4).
> 
> This vulnerability can only be exploited on Unix / Linux based
> environments.
> 
> This vulnerability is a variant of:
> SA16869
> 
> The vulnerability has been confirmed in version 8.5 on Red Hat
> Enterprise Linux 4. Other versions and platforms may also be
> affected.
> 
> SOLUTION:
> Update to version 8.51.
> http://www.opera.com/download/
> 
> PROVIDED AND/OR DISCOVERED BY:
> Originally discovered by:
> Peter Zelezny
> 
> Discovered in Opera by:
> Jakob Balle, Secunia Research
> 
> ORIGINAL ADVISORY:
> http://secunia.com/secunia_research/2005-57/