New Opera vulnerability

Opera web browser and M2 mail client from Opera Software. (for Windows, Macintosh and Linux.)

Post by Gregor » Tue 16 Dec, 2003 3:08 am

To all users of Opera browser:
Quote:
- File deletion in Opera -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
Madrid, December 15 2003 - SecurityTracker has reported -at
http://www.securitytracker.com/alerts/2 ... 08460.html - a
vulnerability affecting Opera that could allow files to be deleted on local
machines.

This security problem stems from the fact that when the browser displays a
download dialog, the browser creates a file in the temporary directory based
on the name of the file to be downloaded. However, the browser does not
validate the filename, and this could allow a directory traversal.

Because of this vulnerability, it could be possible to create a specially
modified file name as part of the URL so that when the user opens the
download dialog box, the files are overwritten and deleted. The only files
potentially affected are those on which the user has write-permission.

Users with systems that could be affected are advised to install the Opera
version 7.23 build 3227.

Gregor
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031007 Firebird/0.7
"We don't receive wisdom; we must discover it for ourselves after a journey that no one can take us or spare us." Marcel Proust.
Gregor
silver member
Posts: 330
Joined: Thu 05 Dec, 2002 8:50 am
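
The quoted bulletin says the temporary file is named after the file being downloaded, with no validation. The following is an added example, not part of the original post and not Opera's code: a sketch of the missing check, using hypothetical function names and constructed sample filenames.

```python
import os
import tempfile
from pathlib import Path, PureWindowsPath
from urllib.parse import unquote

def safe_download_name(suggested: str) -> str:
    """Reduce an untrusted, possibly percent-encoded name to a bare filename."""
    decoded = unquote(suggested)
    # PureWindowsPath splits on both '/' and '\' on any host OS and drops
    # drive prefixes, so only the final path component survives.
    name = PureWindowsPath(decoded).name
    if name in ("", ".", "..") or "\x00" in name:
        raise ValueError(f"unusable download name: {suggested!r}")
    return name

def create_temp_download(temp_dir: str, suggested: str) -> Path:
    """Create the temporary file for a download without leaving temp_dir."""
    base = Path(temp_dir).resolve()
    target = (base / safe_download_name(suggested)).resolve()
    if target.parent != base:
        raise ValueError("resolved path escapes the temporary directory")
    # O_EXCL makes creation fail instead of overwriting an existing file.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    os.close(fd)
    return target

def demo() -> dict:
    """Run the checks against constructed names in a throwaway directory."""
    with tempfile.TemporaryDirectory() as root:
        temp_dir = Path(root, "browser-tmp")
        temp_dir.mkdir()
        outside = Path(root, "notes.txt")  # a file the user can write to
        outside.write_text("keep me")
        created = create_temp_download(str(temp_dir), "..%5C..%2Fnotes.txt")
        try:
            create_temp_download(str(temp_dir), "notes.txt")
            overwrote = True
        except FileExistsError:
            overwrote = False
        return {
            "created_inside": created.parent == temp_dir.resolve(),
            "outside_intact": outside.read_text() == "keep me",
            "overwrote_existing": overwrote,
        }

if __name__ == "__main__":
    print(demo())
```
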

Post by Edward » Fri 19 Dec, 2003 4:31 pm

I believe 7.23 was released prior to the date specified in the bulletin (15 Dec 2003).
UserAgent: Opera/7.23 (Windows 98; U) [en]
SillyDog701 Moderator
debian - SeaMonkey - Sylpheed - Opera
Edward
Moderator
Posts: 3709
Joined: Sun 01 Dec, 2002 7:15 pm

Post by Phoenix21692 » Fri 26 Dec, 2003 1:10 am

If Opera 7.23 has been released before that date, is it still affected?
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3.1) Gecko/20030425
Phoenix21692
silver member
Posts: 234
Joined: Mon 23 Jun, 2003 6:28 pm
Location: US

Post by Edward » Fri 26 Dec, 2003 8:01 am

7.23 is not affected by the vulnerability.
UserAgent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.5) Gecko/20031007
SillyDog701 Moderator
debian - SeaMonkey - Sylpheed - Opera
Edward
Moderator
Posts: 3709
Joined: Sun 01 Dec, 2002 7:15 pm
