SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Opera Vendors:   Opera Software
(Gentoo Issues Fix) Re: Opera Browser HREF Tag Buffer Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1008268
SecurityTracker URL:  http://securitytracker.com/id/1008268
CVE Reference:   CVE-2003-0870   (Links to External Site)
Date:  Nov 21 2003
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 7.11, 7.20
Description:   A buffer overflow was reported in the Opera web browser. A remote user can create HTML containing certain HREF tags to trigger the overflow and execute arbitrary code.

@stake reported that HREF tags containing certain illegally escaped server names within the URL can trigger the buffer overflow. The overflow may occur when the HTML is rendered or when the browser is closed, the report said.

A demonstration exploit tag is of the following form:

<a href="file://server%%[many % characters]%%text" ></a>

The following notification timeline is provided:

09/29/2003 Opera contacted with details of issue
09/30/2003 Vendor responds that they have reproduced problem
10/15/2003 Vendor releases new version of program that includes a fix
10/20/2003 Advisory released

The original advisory is available at:

http://www.atstake.com/research/advisories/2003/a102003-1.txt

Impact:   A remote user can create HTML that will cause the target user's browser to crash or execute arbitrary code. The code will run with the privileges of the target user.
Solution:   Gentoo has issued a fix and encourages users to perform an 'emerge --sync' and upgrade the package to the latest available version. Opera 7.22 is recommended as Opera 7.21 is vulnerable to other security flaws, according to Gentoo.

Gentoo has provided the following specific steps to upgrade:

emerge --sync
emerge '>=net-www/opera-7.22'
emerge clean

Vendor URL:  www.opera.com/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Gentoo)

Message History:   This archive entry is a follow-up to the message listed below.
Oct 20 2003 Opera Browser HREF Tag Buffer Overflow Lets Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [gentoo-announce] GLSA: opera (200311-02)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


- ---------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200311-02
- ---------------------------------------------------------------------------

GLSA:        200311-02
package:     net-www/opera
summary:     Buffer overflows in Opera 7.11 and 7.20
severity:    high
Gentoo bug:  31775
date:        2003-11-19
CVE:         CAN-2003-0870
exploit:     local / remote
affected:    =7.11
affected:    =7.20
fixed:       >=7.21

DESCRIPTION:

The Opera browser can cause a buffer allocated on the heap to overflow under
certain HREFs when rendering HTML. The mail system is also deemed vulnerable
and an attacker can send an email containing a malformed HREF, or plant the
malicious HREF on a web site.

Please see http://www.atstake.com/research/advisories/2003/a102003-1.txt for
further details.

SOLUTION:

Users are encouraged to perform an 'emerge --sync' and upgrade the package to
the latest available version. Opera 7.22 is recommended as Opera 7.21 is
vulnerable to other security flaws. Specific steps to upgrade:

emerge --sync
emerge '>=net-www/opera-7.22'
emerge clean

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQE/vG7lnt0v0zAqOHYRAiqZAJ0SkxOXShPDgAKDnSpQcJAwp39ysQCbBMwN
Tv2P8JB4G1UihepXXX9fW8U=
=YHh4
-----END PGP SIGNATURE-----

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC