FreeBSD : opera -- multiple vulnerabilities (225bc349-ce10-11dd-a721-0030843d3802)

high Nessus Plugin ID 35240

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Opera Team reports :

Manipulating certain text-area contents can cause a buffer overflow, which may be exploited to execute arbitrary code.

Certain HTML constructs can cause the resulting DOM to change unexpectedly, which triggers a crash. To inject code, additional techniques will have to be employed.

Exceptionally long host names in file: URLs can cause a buffer overflow, which may be exploited to execute arbitrary code. Remote Web pages cannot refer to file: URLs, so successful exploitation involves tricking users into manually opening the exploit URL, or a local file that refers to it.

When Opera is previewing a news feed, some scripted URLs are not correctly blocked. These can execute scripts which are able to subscribe the user to any feed URL that the attacker chooses, and can also view the contents of any feeds that the user is subscribed to.
These may contain sensitive information.

Built-in XSLT templates incorrectly handle escaped content and can cause it to be treated as markup. If a site accepts content from untrusted users, which it then displays using XSLT as escaped strings, this can allow scripted markup to be injected. The scripts will then be executed in the security context of that site.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?ed400860

http://www.nessus.org/u?71f5e1a9

http://www.nessus.org/u?8cb3b592

http://www.nessus.org/u?185b4896

http://www.nessus.org/u?cdbb754c

http://www.nessus.org/u?64faa1d7

Plugin Details

Severity: High

ID: 35240

File Name: freebsd_pkg_225bc349ce1011dda7210030843d3802.nasl

Version: 1.15

Type: local

Published: 12/21/2008

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:linux-opera, p-cpe:/a:freebsd:freebsd:opera, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/19/2008

Vulnerability Publication Date: 11/18/2008

Exploitable With

CANVAS (D2ExploitPack)

Core Impact

Reference Information

CVE: CVE-2008-5178

CWE: 119

Secunia: 32752