FreeBSD : URI handler vulnerabilities in several browsers (df333ede-a8ce-11d8-9c6d-0020ed76ef5a)

High Nessus Plugin ID 37850


The remote FreeBSD host is missing one or more security-related updates.


Karol Wiesek and Greg MacManus reported via iDEFENSE that the Opera web browser contains a flaw in the handling of certain URIs. When presented with these URIs, Opera would invoke external commands to process them after some validation. However, if the hostname component of a URI begins with a `-', it may be treated as an option by an external command. This could have undesirable side-effects, from denial-of-service to code execution. The impact is very dependent on local configuration.

After the iDEFENSE advisory was published, the KDE team discovered similar problems in KDE's URI handlers.
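The flaw described above, sketched from the defender's side as an added example (not code from Opera, KDE or the plugin). The `ext` scheme and the `ext-client` command are hypothetical names; the sample URIs are constructed.

```python
import re
from urllib.parse import urlsplit

# Hypothetical external handler; the page does not name the real commands.
HANDLER = "ext-client"

# DNS-style labels only: each starts and ends with a letter or digit, so a
# leading "-" can never match. Assumption: IP literals are not needed.
_LABEL = r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
_HOST_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def naive_argv(uri):
    """Flawed pattern from the advisory: the host is passed on unchecked."""
    return [HANDLER, urlsplit(uri).netloc]


def safe_argv(uri):
    """Build the handler's argument vector, or raise ValueError."""
    parts = urlsplit(uri)
    if parts.scheme != "ext":
        raise ValueError("unexpected scheme")
    host = parts.hostname or ""  # urlsplit lower-cases the host
    if not _HOST_RE.fullmatch(host):
        raise ValueError("hostname rejected: %r" % host)
    # "--" ends option parsing in getopt-style commands. Not every command
    # honours it, so the validation above is the primary control.
    argv = [HANDLER, "--", host]
    if parts.port is not None:  # .port raises ValueError if malformed
        argv.append(str(parts.port))
    return argv


if __name__ == "__main__":
    for uri in ("ext://host.example:2323/", "ext://-option/"):
        print("naive:", naive_argv(uri))
        try:
            print("safe: ", safe_argv(uri))
        except ValueError as exc:
            print("safe:  refused,", exc)
```

Passing the result as a list to an exec-style call (no shell) keeps the hostname a single argument; the check prevents that argument from being read as an option.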


Update the affected packages.

Plugin Details

Severity: High

ID: 37850

File Name: freebsd_pkg_df333edea8ce11d89c6d0020ed76ef5a.nasl

Version: $Revision: 1.12 $

Type: local

Published: 2009/04/23

Modified: 2013/06/22

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:kdelibs, p-cpe:/a:freebsd:freebsd:linux-opera, p-cpe:/a:freebsd:freebsd:opera, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2004/05/18

Vulnerability Publication Date: 2004/05/12

Reference Information

CVE: CVE-2004-0411