Vulnerabilities > CVE-2008-1764 - Unspecified vulnerability in Opera

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
opera
critical
nessus

Summary

Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs."

Nessus

NASL familyGentoo Local Security Checks
NASL idGENTOO_GLSA-200804-14.NASL
descriptionThe remote host is affected by the vulnerability described in GLSA-200804-14 (Opera: Multiple vulnerabilities) Michal Zalewski reported two vulnerabilities, memory corruption when adding news feed sources from a website (CVE-2008-1761) as well as when processing HTML CANVAS elements to use scaled images (CVE-2008-1762). Additionally, an unspecified weakness related to keyboard handling of password inputs has been reported (CVE-2008-1764). Impact : A remote attacker could entice a user to visit a specially crafted web site or news feed and possibly execute arbitrary code with the privileges of the user running Opera. Workaround : There is no known workaround at this time.
last seen2020-06-01
modified2020-06-02
plugin id31961
published2008-04-17
reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/31961
titleGLSA-200804-14 : Opera: Multiple vulnerabilities
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200804-14.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(31961);
  script_version("1.16");
  script_cvs_date("Date: 2019/08/02 13:32:44");

  script_cve_id("CVE-2008-1761", "CVE-2008-1762", "CVE-2008-1764");
  script_xref(name:"GLSA", value:"200804-14");

  script_name(english:"GLSA-200804-14 : Opera: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200804-14
(Opera: Multiple vulnerabilities)

    Michal Zalewski reported two vulnerabilities, memory corruption when
    adding news feed sources from a website (CVE-2008-1761) as well as when
    processing HTML CANVAS elements to use scaled images (CVE-2008-1762).
    Additionally, an unspecified weakness related to keyboard handling of
    password inputs has been reported (CVE-2008-1764).
  
Impact :

    A remote attacker could entice a user to visit a specially crafted web
    site or news feed and possibly execute arbitrary code with the
    privileges of the user running Opera.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200804-14"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All Opera users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-client/opera-9.27'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:opera");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/04/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"www-client/opera", unaffected:make_list("ge 9.27"), vulnerable:make_list("lt 9.27"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Opera");
}