Detections
Analytics

FreeBSD : opera -- multiple vulnerabilities (78ad2525-9d0c-11db-a5f6-000c6ec775d9)

high Nessus Plugin ID 23988

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

iDefense reports :

The vulnerability specifically exists due to Opera improperly processing a JPEG DHT marker. The DHT marker is used to define a Huffman Table which is used for decoding the image data. An invalid number of index bytes in the DHT marker will trigger a heap overflow with partially user controlled data.

Exploitation of this vulnerability would allow an attacker to execute arbitrary code on the affected host. The attacker would first need to construct a website containing the malicious image and trick the vulnerable user into visiting the site. This would trigger the vulnerability and allow the code to execute with the privileges of the local user.

A flaw exists within Opera's JavaScript SVG implementation. When processing a createSVGTransformFromMatrix request Opera does not properly validate the type of object passed to the function. Passing an incorrect object to this function can result in it using a pointer that is user controlled when it attempts to make the virtual function call.

Exploitation of this vulnerability would allow an attacker to execute arbitrary code on the affected host. The attacker would first need to construct a website containing the malicious JavaScript and trick the vulnerable user into visiting the site. This would trigger the vulnerability and allow the code to execute with the privileges of the local user.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?05bc3cca

http://www.nessus.org/u?6d4eeada

http://www.nessus.org/u?460cd1d1

http://www.nessus.org/u?669e3cc8

http://www.nessus.org/u?0075c844

Plugin Details

Severity: High

ID: 23988

File Name: freebsd_pkg_78ad25259d0c11dba5f6000c6ec775d9.nasl

Version: 1.20

Type: local

Published: 1/8/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:linux-opera, p-cpe:/a:freebsd:freebsd:opera, p-cpe:/a:freebsd:freebsd:opera-devel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 1/5/2007

Vulnerability Publication Date: 1/5/2007

Reference Information

CVE: CVE-2007-0126, CVE-2007-0127

CWE: 119, 94