FreeBSD : opera -- command line URL shell command injection (dfc1daa8-61de-11da-b64c-0001020eed82)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

An Opera Advisory reports :

Opera for UNIX uses a wrapper shell script to start up Opera. This
shell script reads the input arguments, like the file names or URLs
that Opera is to open. It also performs some environment checks, for
example whether Java is available and if so, where it is located.

This wrapper script can also run commands embedded in the URL, so that
a specially crafted URL can make arbitrary commands run on the
recipient's machine. Users who have other programs set up to use Opera
to open Web links are vulnerable to this flaw. For these users,
clicking a Web link in, for example, OpenOffice.org or Evolution can run
a command that was put into the link.
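
The class of flaw described above, as an added example that is not Opera's wrapper script and not part of the advisory. It assumes a wrapper that rebuilds its command line as a string and re-parses it with eval; fake_browser, launch_unsafe, launch_safe, has_cmd_subst and SAMPLE_URL are hypothetical names, and the URL is constructed with a harmless marker.

```shell
#!/bin/sh
# Added illustration (assumption): a launcher wrapper that re-parses its
# arguments, next to a hardened form. Not the vendor's actual script.

# Stand-in for the real browser binary: echoes the argument it was given.
fake_browser() { printf '%s' "$1"; }

# Weak pattern: the URL is pasted into a command string and handed to eval,
# so the shell interprets any metacharacters in the URL a second time.
launch_unsafe() {
    cmd="fake_browser $1"
    eval "$cmd"
}

# Hardened pattern: arguments are forwarded untouched with "$@";
# nothing in the URL is ever parsed as shell syntax.
launch_safe() {
    fake_browser "$@"
}

# Check a calling program (mail client, office suite) could apply before
# handing a link to any external handler: flag command substitution syntax.
has_cmd_subst() {
    case "$1" in
        *'`'*|*'$('*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: the substitution only emits a marker string.
SAMPLE_URL='http://example.invalid/$(echo INJECTED)'

printf 'unsafe wrapper passed on: %s\n' "$(launch_unsafe "$SAMPLE_URL")"
printf 'safe wrapper passed on:   %s\n' "$(launch_safe "$SAMPLE_URL")"
```

In the unsafe form the marker replaces the substitution before the browser ever sees the URL; in the safe form the URL arrives byte for byte.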

See also :

http://secunia.com/secunia_research/2005-57/advisory/
http://www.opera.com/support/search/supsearch.dml?index=818
http://www.nessus.org/u?387d1efe

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21521 (freebsd_pkg_dfc1daa861de11dab64c0001020eed82.nasl)

Bugtraq ID: 15521

CVE ID: CVE-2005-3750
