Opera Web Browser KDE KFMCLIENT远程命令执行漏洞

漏洞信息详情

Opera Web Browser KDE KFMCLIENT远程命令执行漏洞

• CNNVD编号：CNNVD-200412-224
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-1491
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  opera_software
• 漏洞来源：
  disclosed this vulnerability.’);”>”Giovanni Delvecch…

Opera 7.54及之前版本使用kfmclient exec来处理未知的MIME类型，远程攻击者可以借助快捷键或含有Exec入口的启动器执行任意代码。

The vendor has released fixes to address this and other issues.
Gentoo has released an advisory (GLSA 200502-17) and an updated eBuild to address this and other issues in the Opera Web Browser. This update can be installed by issuing the following sequence of commands as a superuser:
emerge –sync
emerge –ask –oneshot –verbose “>=net-www/opera-7.54-r3”
SUSE has released an advisory SUSE-SR:2005:008 to address various security issues affecting SUSE products. Please see the referenced advisory for more information.

Opera Software Opera Web Browser 7.54

• Opera Software Opera 7.54u2
  
  http://www.opera.com/download/
• SuSE opera-7.54-10.2.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/opera-7.54-10.2.i
  586.rpm
• SuSE opera-7.54-10.2.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/opera-7.54-10
  .2.x86_64.rpm
• SuSE opera-7.54-17.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/opera-7.54-17.i58
  6.rpm
• SuSE opera-7.54-17.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/opera-7.54-17.i58
  6.rpm
• SuSE opera-7.54-17.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/opera-7.54-17
  .x86_64.rpm
• SuSE opera-7.54-7.5.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/opera-7.54-7.5.i5
  86.rpm
• SuSE opera-7.54-7.5.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/opera-7.54-7.
  5.x86_64.rpm

来源: BID
名称: 11901
链接:http://www.securityfocus.com/bid/11901

来源: GENTOO
名称: GLSA-200502-17
链接:http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml

来源: SECUNIA
名称: 13447
链接:http://secunia.com/advisories/13447/

来源: XF
名称: pera-kfmclient-command-execution(18457)
链接:http://xforce.iss.net/xforce/xfdb/18457

来源: www.zone-h.org
链接:http://www.zone-h.org/advisories/read/id=6503

来源: www.opera.com
链接:http://www.opera.com/linux/changelogs/754u2/

来源: SUSE
名称: SUSE-SR:2005:008
链接:http://lists.suse.com/archive/suse-security-announce/2005-Mar/0007.html