TITLE:
Opera Command Line URL Shell Command Injection

SECUNIA ADVISORY ID:
SA16907

VERIFY ADVISORY:
http://secunia.com/advisories/16907/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Opera 8.x
http://secunia.com/product/4932/
Opera 7.x
http://secunia.com/product/761/

DESCRIPTION:
Secunia Research has discovered a vulnerability in Opera, which can
be exploited by malicious people to compromise a user's system.

The vulnerability is caused by the shell script used to launch
Opera, which parses shell commands enclosed within backticks in
the URL provided via the command line. This can, for example, be
exploited to execute arbitrary shell commands by tricking a user
into following a malicious link in an external application which
uses Opera as the default browser (e.g. the mail client Evolution
on Red Hat Enterprise Linux 4).
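
The class of bug described above, as an added example that is not part of the advisory and is not Opera's launcher script (the advisory does not reproduce it). It assumes a hypothetical wrapper that re-parses its URL argument with eval, and compares it with a wrapper that forwards the argument untouched; browser_stub, the function names and the sample URL are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not code from Opera or Secunia.
# browser_stub stands in for the real browser binary: it only echoes back
# the URL argument it was handed, so the effect of the wrapper is visible.
browser_stub() {
    printf '%s' "$1"
}

# ASSUMED vulnerable pattern: the wrapper builds a command string and lets
# the shell parse it a second time. On that second parse, backticks inside
# the URL are treated as command substitution.
launch_unsafe() {
    cmd="browser_stub \"$1\""
    eval "$cmd"
}

# Hardened pattern: no eval, no string building. "$@" hands each argument
# to the binary exactly as received, so the URL is never parsed as shell.
launch_safe() {
    browser_stub "$@"
}

# Defence in depth for a calling application (e.g. a mail client) that
# cannot fix the wrapper: a raw backtick is not a valid URL character,
# so refuse or percent-encode such a link before launching anything.
url_has_backtick() {
    case $1 in
        *\`*) return 0 ;;
        *)    return 1 ;;
    esac
}

# Constructed sample link; the embedded command is a harmless marker.
SAMPLE_URL='http://example.invalid/`echo INJECTED`'

printf 'unsafe wrapper passed: %s\n' "$(launch_unsafe "$SAMPLE_URL")"
printf 'safe wrapper passed:   %s\n' "$(launch_safe "$SAMPLE_URL")"
if url_has_backtick "$SAMPLE_URL"; then
    printf 'caller check: link contains a backtick, do not launch\n'
fi
```

When auditing a launcher script, look for eval, unquoted $* or $1, and command strings assembled from arguments.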

This vulnerability can only be exploited on Unix / Linux based
environments.

This vulnerability is a variant of:
SA16869

The vulnerability has been confirmed in version 8.5 on Red Hat
Enterprise Linux 4. Other versions and platforms may also be
affected.

SOLUTION:
Update to version 8.51.
http://www.opera.com/download/

PROVIDED AND/OR DISCOVERED BY:
Originally discovered by:
Peter Zelezny

Discovered in Opera by:
Jakob Balle, Secunia Research

ORIGINAL ADVISORY:
http://secunia.com/secunia_research/2005-57/