This script is Copyright (C) 2007-2010 Tenable Network Security, Inc.
The remote host is missing a vendor-supplied security patch
The remote host is missing the patch for the advisory SUSE-SA:2006:038 (opera).
The web browser Opera has been upgraded to version 9.0 to add lots of
new features, and to fix the following security problem:
- CVE-2006-3198: An integer overflow vulnerability exists in the Opera
Web Browser due to the improper handling of JPEG files.
If excessively large height and width values are specified in
certain fields of a JPEG file, an integer overflow may cause Opera
to allocate insufficient memory for the image. This will lead to
a buffer overflow when the image is loaded into memory, which can
be exploited to execute arbitrary code.
- CVE-2006-3331: Opera did not reset the SSL security bar after
displaying a download dialog from an SSL-enabled website, which
allows remote attackers to spoof a trusted SSL certificate from an
untrusted website and facilitates phishing attacks.
Risk factor :
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now