Vulnerabilities > CVE-2006-3331 - Unspecified vulnerability in Opera Browser
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks.
Vulnerable Configurations
Nessus
NASL family Windows NASL id OPERA_900.NASL description The version of Opera installed on the remote host reportedly contains an issue that presents itself when the height and width parameters of a JPEG image are set excessively high, causing Opera to allocate insufficient memory for the image and crash as it tries to write to memory at the wrong location. In addition, it is reportedly affected by a flaw that may allow an attacker to display an SSL certificate from a trusted site on an untrusted one. last seen 2020-06-01 modified 2020-06-02 plugin id 21786 published 2006-06-30 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21786 title Opera < 9.00 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(21786); script_version("1.18"); script_cve_id("CVE-2006-3198", "CVE-2006-3331"); script_bugtraq_id(18594, 18692); script_name(english:"Opera < 9.00 Multiple Vulnerabilities"); script_summary(english:"Checks version number of Opera"); script_set_attribute(attribute:"synopsis", value: "The remote host contains a web browser that is affected by multiple issues." ); script_set_attribute(attribute:"description", value: "The version of Opera installed on the remote host reportedly contains an issue that presents itself when the height and width parameters of a JPEG image are set excessively high, causing Opera to allocate insufficient memory for the image and crash as it tries to write to memory at the wrong location. In addition, it is reportedly affected by a flaw that may allow an attacker to display an SSL certificate from a trusted site on an untrusted one." ); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/438074/30/0/threaded" ); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20061016111151/http://www.opera.com/support/search/supsearch.dml?index=834" ); script_set_attribute(attribute:"see_also", value:"https://secuniaresearch.flexerasoftware.com/secunia_research/2006-49/advisory/" ); script_set_attribute(attribute:"solution", value: "Upgrade to Opera version 9.00 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2006/06/30"); script_set_attribute(attribute:"vuln_publication_date", value: "2006/06/22"); script_cvs_date("Date: 2018/11/15 20:50:28"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_dependencies("opera_installed.nasl"); script_require_keys("SMB/Opera/Version_UI"); exit(0); } include("global_settings.inc"); version_ui = get_kb_item("SMB/Opera/Version_UI"); if (isnull(version_ui)) exit(0); if (version_ui =~ "^([0-8]\.|9\.00 [Bb]eta)") { if (report_verbosity) { report = string( "\n", "Opera version ", version_ui, " is currently installed on the remote host.\n" ); security_hole(port:get_kb_item("SMB/transport"), extra:report); } else security_hole(get_kb_item("SMB/transport")); }
NASL family SuSE Local Security Checks NASL id SUSE_SA_2006_038.NASL description The remote host is missing the patch for the advisory SUSE-SA:2006:038 (opera). The web browser Opera has been upgraded to version 9.0 to add lots of new features, and to fix the following security problem: - CVE-2006-3198: An integer overflow vulnerability exists in the Opera Web Browser due to the improper handling of JPEG files. If excessively large height and width values are specified in certain fields of a JPEG file, an integer overflow may cause Opera to allocate insufficient memory for the image. This will lead to a buffer overflow when the image is loaded into memory, which can be exploited to execute arbitrary code. - CVE-2006-3331: Opera did not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks. last seen 2019-10-28 modified 2007-02-18 plugin id 24418 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24418 title SUSE-SA:2006:038: opera
References
- http://secunia.com/secunia_research/2006-49/advisory/
- http://www.securityfocus.com/bid/18692
- http://secunia.com/advisories/19480
- http://www.novell.com/linux/security/advisories/2006_38_opera.html
- http://securitytracker.com/id?1016406
- http://secunia.com/advisories/20897
- http://securityreason.com/securityalert/1177
- http://www.vupen.com/english/advisories/2006/2571
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27449
- http://www.securityfocus.com/archive/1/438634/100/0/threaded