FreeBSD : opera -- multiple vulnerabilities (12d266b6-363f-11dc-b6c9-000c6ec775d9)

This script is Copyright (C) 2007-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Opera Software ASA reports of multiple security fixes in Opera,
including an arbitrary code execute vulnerability :

Opera for Linux, FreeBSD, and Solaris has a flaw in the createPattern
function that leaves old data that was in the memory before Opera
allocated it in the new pattern. The pattern can be read and analyzed
by JavaScript, so an attacker can get random samples of the user's
memory, which may contain data.

Removing a specially crafted torrent from the download manager can
crash Opera. The crash is caused by an erroneous memory access.

An attacker needs to entice the user to accept the malicious
BitTorrent download, and later remove it from Opera's download
manager. To inject code, additional means will have to be employed.

Users clicking a BitTorrent link and rejecting the download are not
affected.

data: URLs embed data inside them, instead of linking to an external
resource. Opera can mistakenly display the end of a data URL instead
of the beginning. This allows an attacker to spoof the URL of a
trusted site.

Opera's HTTP authentication dialog is displayed when the user enters a
Web page that requires a login name and a password. To inform the user
which server it was that asked for login credentials, the dialog
displays the server name.

The user has to see the entire server name. A truncated name can be
misleading. Opera's authentication dialog cuts off the long server
names at the right hand side, adding an ellipsis (...) to indicate
that it has been cut off.

The dialog has a predictable size, allowing an attacker to create a
server name which will look almost like a trusted site, because the
real domain name has been cut off. The three dots at the end will not
be obvious to all users.

This flaw can be exploited by phishers who can set up custom
sub-domains, for example by hosting their own public DNS.

See also :

http://www.nessus.org/u?21ab0334
http://www.opera.com/support/search/view/861/
http://www.opera.com/support/search/view/862/
http://www.opera.com/support/search/view/863/
http://www.opera.com/support/search/view/864/
http://www.opera.com/docs/changelogs/freebsd/922/
http://www.nessus.org/u?f2f78f15

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 25748 (freebsd_pkg_12d266b6363f11dcb6c9000c6ec775d9.nasl)

Bugtraq ID:

CVE ID: CVE-2007-3929
CVE-2007-4944

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now