FreeBSD : opera -- multiple vulnerabilities (78ad2525-9d0c-11db-a5f6-000c6ec775d9)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

iDefense reports :

The vulnerability specifically exists due to Opera improperly
processing a JPEG DHT marker. The DHT marker is used to define a
Huffman Table which is used for decoding the image data. An invalid
number of index bytes in the DHT marker will trigger a heap overflow
with partially user controlled data.

Exploitation of this vulnerability would allow an attacker to execute
arbitrary code on the affected host. The attacker would first need to
construct a website containing the malicious image and trick the
vulnerable user into visiting the site. This would trigger the
vulnerability and allow the code to execute with the privileges of the
local user.

A flaw exists within Opera's JavaScript SVG implementation. When
processing a createSVGTransformFromMatrix request Opera does not
properly validate the type of object passed to the function. Passing
an incorrect object to this function can result in it using a pointer
that is user controlled when it attempts to make the virtual function
call.

Exploitation of this vulnerability would allow an attacker to execute
arbitrary code on the affected host. The attacker would first need to
construct a website containing the malicious JavaScript and trick the
vulnerable user into visiting the site. This would trigger the
vulnerability and allow the code to execute with the privileges of the
local user.

See also :

http://www.nessus.org/u?05bc3cca
http://www.nessus.org/u?6d4eeada
http://www.opera.com/support/search/supsearch.dml?index=851
http://www.opera.com/support/search/supsearch.dml?index=852
http://www.nessus.org/u?09e73d33

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 23988 (freebsd_pkg_78ad25259d0c11dba5f6000c6ec775d9.nasl)

Bugtraq ID:

CVE ID: CVE-2007-0126, CVE-2007-0127
