Opera Web浏览器下载对话框文件名欺骗漏洞

漏洞信息详情

Opera Web浏览器下载对话框文件名欺骗漏洞

• CNNVD编号：CNNVD-200412-1147
• 危害等级： 低危
  
  
• CVE编号：
  CVE-2004-1490
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  opera_software
• 漏洞来源：
  Discovery of this …

Opera 7.54以及之前的版本存在漏洞。远程攻击者借助（1）内容处置或（2）内容类型头中的点和非中断空格（ASCII字符代码160）欺骗下载对话框里的文件类型。

The vendor has released fixes to address this and other issues.
Gentoo has released an advisory (GLSA 200502-17) and an updated eBuild to address this and other issues in the Opera Web Browser. This update can be installed by issuing the following sequence of commands as a superuser:
emerge –sync
emerge –ask –oneshot –verbose “>=net-www/opera-7.54-r3”
Opera Software Opera Web Browser 7.0 win32

• Opera Software Opera 7.54u2
  
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.0 1win32

• Opera Software Opera 7.54u2
  
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.0 win32 Beta 2

• Opera Software Opera 7.54u2
  
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.0 3win32

• Opera Software Opera 7.54u2
  
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.0 win32 Beta 1

• Opera Software Opera 7.54u2
  
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.0 2win32

• Opera Software Opera 7.54u2
  
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.10

• Opera Software Opera 7.54u2
  
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.11 b

• Opera Software Opera 7.54u2
  
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.11

• Opera Software Opera 7.54u2
  
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.11 j

• Opera Software Opera 7.54u2
  
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.20 Beta 1 build 2981

• Opera Software Opera 7.54u2
  
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.20

• Opera Software Opera 7.54u2
  
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.21

• Opera Software Opera 7.54u2
  
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.22

• Opera Software Opera 7.54u2
  
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.23

• Opera Software Opera 7.54u2
  
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.50

• Opera Software Opera 7.54u2
  
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.51

• Opera Software Opera 7.54u2
  
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.52

• Opera Software Opera 7.54u2
  
  http://www.opera.com/download/

Opera Software Opera Web Browser 7.53

• Opera Software Opera 7.54u2
  
  http://www.opera.com/download/

来源: BID
名称: 11883
链接:http://www.securityfocus.com/bid/11883

来源: GENTOO
名称: GLSA-200502-17
链接:http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml

来源: secunia.com
链接:http://secunia.com/secunia_research/2004-19/advisory/

来源: SECUNIA
名称: 12981
链接:http://secunia.com/advisories/12981

来源: XF
名称: opera-file-type-spoofing(18423)
链接:http://xforce.iss.net/xforce/xfdb/18423

来源: www.opera.com
链接:http://www.opera.com/linux/changelogs/754u1/