FreeBSD : opera -- multiple vulnerabilities (12d266b6-363f-11dc-b6c9-000c6ec775d9)

high Nessus Plugin ID 25748

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Opera Software ASA reports of multiple security fixes in Opera, including an arbitrary code execute vulnerability :

Opera for Linux, FreeBSD, and Solaris has a flaw in the createPattern function that leaves old data that was in the memory before Opera allocated it in the new pattern. The pattern can be read and analyzed by JavaScript, so an attacker can get random samples of the user's memory, which may contain data.

Removing a specially crafted torrent from the download manager can crash Opera. The crash is caused by an erroneous memory access.

An attacker needs to entice the user to accept the malicious BitTorrent download, and later remove it from Opera's download manager. To inject code, additional means will have to be employed.

Users clicking a BitTorrent link and rejecting the download are not affected.

data: URLs embed data inside them, instead of linking to an external resource. Opera can mistakenly display the end of a data URL instead of the beginning. This allows an attacker to spoof the URL of a trusted site.

Opera's HTTP authentication dialog is displayed when the user enters a Web page that requires a login name and a password. To inform the user which server it was that asked for login credentials, the dialog displays the server name.

The user has to see the entire server name. A truncated name can be misleading. Opera's authentication dialog cuts off the long server names at the right hand side, adding an ellipsis (...) to indicate that it has been cut off.

The dialog has a predictable size, allowing an attacker to create a server name which will look almost like a trusted site, because the real domain name has been cut off. The three dots at the end will not be obvious to all users.

This flaw can be exploited by phishers who can set up custom sub-domains, for example by hosting their own public DNS.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?21ab0334

http://www.nessus.org/u?52da28e4

https://www.opera.com/help

http://www.nessus.org/u?b5d16112

http://www.nessus.org/u?312e224b

https://help.opera.com/en/latest/

http://www.nessus.org/u?1a67d145

Plugin Details

Severity: High

ID: 25748

File Name: freebsd_pkg_12d266b6363f11dcb6c9000c6ec775d9.nasl

Version: 1.18

Type: local

Published: 7/23/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:linux-opera, p-cpe:/a:freebsd:freebsd:opera, p-cpe:/a:freebsd:freebsd:opera-devel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 7/19/2007

Vulnerability Publication Date: 7/19/2007

Reference Information

CVE: CVE-2007-3929, CVE-2007-4944

CWE: 119