FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-3750

This CVE name corresponds to:

Entered Topic
2005-11-30 opera -- command line URL shell command injection

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2005-3750 at cve.mitre.org

Details

Type Candidate
Name CVE-2005-3750
Phase Assigned(20051122)

Description

Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via shell metacharacters (backticks) in a URL that another product provides in a command line argument when launching Opera.

References

Source Reference
FULLDISC 20051122 Secunia Research: Opera Command Line URL Shell Command Injection
BUGTRAQ 20051122 Secunia Research: Opera Command Line URL Shell Command Injection
MISC http://secunia.com/secunia_research/2005-57/advisory/
CONFIRM http://www.opera.com/docs/changelogs/linux/851/
GENTOO GLSA-200512-10
SUSE SUSE-SR:2005:028
BID 15521
VUPEN ADV-2005-2519
OSVDB 21003
SECTRACK 1015253
SECUNIA 16907
SECUNIA 18111
SREASON 199

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.