knowledge-database (beta)

Current group: opera.brazil

Vulnerability in Opera for Linux

From:Flavio_Suárez
Subject:Vulnerability in Opera for Linux
Date:Wed, 15 Dec 2004 10:28:58 -0200

- Command execution in Opera -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, December 14 2004 - SecurityTracker has reported the existence of a
vulnerability in the Opera browser -when used in the Linux KDE
environment-, which could allow commands to be executed on the affected
system.

The problem lies in the fact that, by default, KDE uses "kfmclient exec"
as the application for handling saved files. Because of this, a user could
cause arbitrary shell commands to run on the system.

Due to this vulnerability a remote malicious server could, for example,
supply 'image.Jpg' with an unknown Content-Type field, causing Opera to
display a dialog box. If the target user selected 'Open' to view the image
file, the file would open using 'kfmclient exec'. If 'image.Jpg' were a
KDE desktop entry, the user's system would execute the command in the
'Exec' entry.


--
Using M2, Opera's revolutionary e-mail client:
http://www.opera.com/m2/
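
A defensive check for the case the advisory describes, added here as an example (it is not part of the original posts, nor Opera or KDE code): it inspects a downloaded file's content before it is handed to a helper such as 'kfmclient exec' and flags a desktop entry hiding behind another extension. The function names, verdict strings and sample bytes are constructed for illustration.

```python
import os

# Group headers that start a desktop entry; the second is the legacy KDE spelling.
DESKTOP_HEADERS = {"[desktop entry]", "[kde desktop entry]"}
JPEG_MAGIC = b"\xff\xd8\xff"

# Constructed sample: desktop-entry text served under an image name (harmless Exec).
SAMPLE = b"# constructed sample\n[Desktop Entry]\nType=Application\nExec=echo constructed-sample\n"


def desktop_entry_exec(data):
    """Return the Exec value ("" if absent) when data is a desktop entry, else None."""
    text = data[:65536].decode("utf-8", errors="replace").lstrip("\ufeff")
    in_entry, found, exec_value = False, False, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed anywhere
        if line.startswith("[") and line.endswith("]"):
            in_entry = line.lower() in DESKTOP_HEADERS
            found = found or in_entry
        elif in_entry and "=" in line:
            key, _, value = line.partition("=")
            if key.strip() == "Exec":
                exec_value = value.strip()
    return exec_value if found else None


def classify_download(filename, data):
    """Decide by content, not by name, before a file reaches a helper application."""
    ext = os.path.splitext(filename)[1].lower()
    exec_value = desktop_entry_exec(data)
    if exec_value is not None and ext != ".desktop":
        return ("BLOCK", exec_value)  # launcher hiding behind another extension
    if ext in (".jpg", ".jpeg") and not data.startswith(JPEG_MAGIC):
        return ("WARN", None)  # claims to be JPEG but lacks the JPEG signature
    return ("OK", None)


if __name__ == "__main__":
    print(classify_download("image.Jpg", SAMPLE))
```
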
From:Kerberos
Subject:Re: Vulnerability in Opera for Linux
Date:Wed, 15 Dec 2004 16:40:41 -0200
On Wed, 15 Dec 2004 10:28:58 -0200, Flavio Suárez
wrote:

>
> - Command execution in Opera -
> Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
>
> Madrid, December 14 2004 - SecurityTracker has reported the existence of
> a vulnerability in the Opera browser -when used in the Linux KDE
> environment-, which could allow commands to be executed on the affected
> system.
>
> The problem lies in the fact that, by default, KDE uses "kfmclient exec"
> as the application for handling saved files. Because of this, a user
> could cause arbitrary shell commands to run on the system.
>
> Due to this vulnerability a remote malicious server could, for example,
> supply 'image.Jpg' with an unknown Content-Type field, causing Opera to
> display a dialog box. If the target user selected 'Open' to view the
> image file, the file would open using 'kfmclient exec'. If 'image.Jpg'
> were a KDE desktop entry, the user's system would execute the command in
> the 'Exec' entry.
>
>

Thank God, here we use Opera on Windows and on FreeBSD with the
Gnome environment.
I don't much like Linux.

--

Kerberos.

http://www.opera.com
http://www.freebsd.org
http://www.osresources.com
http://exodus.jabberstudio.org