Opera FTP PASV Port-Scanning Vulnerability
BID:23089
Info
| Bugtraq ID: | 23089 |
| Class: | Design Error |
| CVE: | CVE-2007-1563 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 21 2007 12:00AM |
| Updated: | Apr 30 2007 04:30PM |
| Credit: | [email protected] is credited with the discovery of this vulnerability. |
| Vulnerable: | SuSE Linux 9.3 x86-64, SuSE Linux 9.3 x86, SuSE Linux 10.1 x86-64, SuSE Linux 10.1 x86, SuSE Linux 10.1 ppc, SuSE Linux 10.0 x86-64, SuSE Linux 10.0 x86, SuSE Linux 10.0 ppc, S.u.S.E. openSUSE 10.2, Opera Software Opera Web Browser 9.10, Opera Software Opera Web Browser 9.02, Opera Software Opera Web Browser 9.01, Opera Software Opera Web Browser 9 |
| Not Vulnerable: | Opera Software Opera Web Browser 9.20 |
Discussion
Opera is prone to a vulnerability that may allow attackers to obtain potentially sensitive information.
A successful exploit of this issue would cause the affected application to connect to arbitrary TCP ports and potentially reveal sensitive information about services that are running on the affected computer. Information obtained may aid attackers in further attacks.
Exploit / POC
The following exploit code is available:
Solution / Fix
Solution:
The vendor has released version 9.20 to address this issue.
Opera Software Opera Web Browser 9, 9.01, 9.02 and 9.10:
- Opera Software Opera 9.20 (FreeBSD)
  http://www.opera.com/download/index.dml?opsys=FreeBSD%20i386&lng=en&ver=9.20&platform=FreeBSD%20i386&local=y
- Opera Software Opera 9.20 (i386)
  http://www.opera.com/download/index.dml?opsys=Linux%20i386&lng=en&ver=9.20&platform=Linux%20i386&local=y
- Opera Software Opera 9.20 (Linux PowerPC)
  http://www.opera.com/download/index.dml?opsys=Linux%20PowerPC&lng=en&ver=9.20&platform=Linux%20PowerPC&local=y
- Opera Software Opera 9.20 (Linux Sparc)
  http://www.opera.com/download/index.dml?opsys=Linux%20Sparc&lng=en&ver=9.20&platform=Linux%20Sparc&local=y
- Opera Software Opera 9.20 (Solaris Intel)
  http://www.opera.com/download/index.dml?opsys=Solaris%20Intel&lng=en&ver=9.20&platform=Solaris%20Intel&local=y
- Opera Software Opera 9.20 (Solaris Sparc)
  http://www.opera.com/download/index.dml?opsys=Solaris%20Sparc&lng=en&ver=9.20&platform=Solaris%20Sparc&local=y
References
References:
- Opera Homepage (Opera Software)
- security problem handling responses to FTP PASV command (Mozilla)