FreeBSD : opera -- multiple vulnerabilities (225bc349-ce10-11dd-a721-0030843d3802)

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Opera Team reports :

Manipulating certain text-area contents can cause a buffer overflow,
which may be exploited to execute arbitrary code.

Certain HTML constructs can cause the resulting DOM to change
unexpectedly, which triggers a crash. To inject code, additional
techniques will have to be employed.

Exceptionally long host names in file: URLs can cause a buffer
overflow, which may be exploited to execute arbitrary code. Remote Web
pages cannot refer to file: URLs, so successful exploitation involves
tricking users into manually opening the exploit URL, or a local file
that refers to it.

When Opera is previewing a news feed, some scripted URLs are not
correctly blocked. These can execute scripts which are able to
subscribe the user to any feed URL that the attacker chooses, and can
also view the contents of any feeds that the user is subscribed to.
These may contain sensitive information.

Built-in XSLT templates incorrectly handle escaped content and can
cause it to be treated as markup. If a site accepts content from
untrusted users, which it then displays using XSLT as escaped strings,
this can allow scripted markup to be injected. The scripts will then
be executed in the security context of that site.

See also :

http://www.opera.com/support/kb/view/920/
http://www.opera.com/support/kb/view/921/
http://www.opera.com/support/kb/view/922/
http://www.opera.com/support/kb/view/923/
http://www.opera.com/support/kb/view/924/
http://www.nessus.org/u?86f4348a

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 35240 (freebsd_pkg_225bc349ce1011dda7210030843d3802.nasl)

Bugtraq ID:

CVE ID: CVE-2008-5178

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now