SecurityTracker.com
Category:   Application (Web Browser)  >   Opera
Vendors:   Opera Software
(Vendor Clarifies) Re: Opera Web Browser Can Be Crashed By a Malicious Web Server
SecurityTracker Alert ID:  1002010
SecurityTracker URL:  http://securitytracker.com/id/1002010
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jul 16 2001
Impact:   Denial of service via network
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 5.0
Description:   A vulnerability has been reported in the Opera web browser that allows a remote web site to cause the Opera web browser to crash.

The vendor has provided a clarification. The vendor notes that long reply lines are not needed to crash the browser. The following reply from the server will reportedly crash Opera:

HTTP/1.0 200 OK\r\n
Connection: X\r\n
X

Impact:   A remote web site can cause the Opera web browser to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.opera.com/
Cause:   Exception handling error
Underlying OS:  Linux (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Jul 10 2001 Opera Web Browser Can Be Crashed By a Malicious Web Server



 Source Message Contents

Subject:  Re: Opera Browser Heap Overflow (Session Replay Attack)



A few comments to
<URL:http://www.securiteam.com/securitynews/5MP0B004UW.html>.

The crash is _not_ an unchecked buffer error in Opera 5.12.  It is a
mismatched new/delete[] pair in Opera 5.0 for Linux (and not 5.12 for
windows).

Also, there is no need for long reply lines.  The following reply from
the server will also crash Opera:

  HTTP/1.0 200 OK\r\n
  Connection: X\r\n
  X

As far as I can tell, the received reply is not written into any short
buffer, and it is not possible to format the reply in any way to get
code executed.

There is no security problem, just a plain old crash bug. :-)

Please update the "vulnerability" page as soon as possible.

Copy to the reporter and bugtraq for information.
-- 
##>  Petter Reinholdtsen <##    | pere@opera.com
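
One defensive way to parse the reply quoted in the message above, as an added example that is not part of the original message and is not Opera's code. It keeps every buffer in standard containers, which rules out the mismatched new/delete[] class of bug the vendor names, and it records the unterminated last line as malformed instead of trusting it. The names ParsedHead, parse_head and parse_vendor_sample are hypothetical.

```cpp
#include <cstddef>
#include <string>
#include <utility>
#include <vector>

// Result of parsing a response head. All storage is owned by std::string and
// std::vector, so there is no manual new[]/delete pairing to get wrong.
struct ParsedHead {
    bool complete = false;                 // saw the blank line ending the headers
    std::string status_line;
    std::vector<std::pair<std::string, std::string>> headers;
    std::vector<std::string> malformed;    // lines that are not "Name: value"
};

static std::string trim(const std::string& s) {
    const char* ws = " \t";
    std::size_t b = s.find_first_not_of(ws);
    if (b == std::string::npos) return "";
    std::size_t e = s.find_last_not_of(ws);
    return s.substr(b, e - b + 1);
}

// parse_head is a hypothetical helper name, not an Opera function.
ParsedHead parse_head(const std::string& raw) {
    ParsedHead out;
    std::size_t pos = 0;
    bool first = true;
    while (pos < raw.size()) {
        std::size_t eol = raw.find("\r\n", pos);
        bool terminated = (eol != std::string::npos);
        std::string line = raw.substr(pos, terminated ? eol - pos : std::string::npos);
        pos = terminated ? eol + 2 : raw.size();
        if (first) { out.status_line = line; first = false; continue; }
        if (terminated && line.empty()) { out.complete = true; break; }
        std::size_t colon = line.find(':');
        // An unterminated line, or one with no field name, is recorded, not trusted.
        if (!terminated || colon == std::string::npos || colon == 0)
            out.malformed.push_back(line);
        else
            out.headers.emplace_back(trim(line.substr(0, colon)), trim(line.substr(colon + 1)));
    }
    return out;
}

// Constructed sample: the reply quoted in the vendor's message.
ParsedHead parse_vendor_sample() {
    return parse_head("HTTP/1.0 200 OK\r\nConnection: X\r\nX");
}
```

A caller can treat `complete == false` or a non-empty `malformed` list as a reason to discard the response rather than continue processing it.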

 
 

