Vulnerabilities > CVE-2009-3044 - Cryptographic Issues vulnerability in Opera Browser

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
opera
CWE-310
nessus
NVD
Published: 2009-09-02
Updated: 2024-11-21

Summary

Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

Vulnerable Configurations

Part Description Count
Application
Opera
115

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL familyWindows
    NASL idOPERA_1000.NASL
    descriptionThe version of Opera installed on the remote host is earlier than 10.0 and thus reportedly affected by multiple issues : - Opera does not check the revocation status for intermediate certificates not served by the server. If the intermediate is revoked, this might not impact the security rating in Opera, and the site might be shown as secure. (929) - The collapsed Address bar can in some cases temporarily show the previous domain of the present site. (930) - Some Unicode characters are treated incorrectly which might cause international domain names that use them to be shown in the wrong format. Showing these addresses in Unicode instead of punycode could allow for limited address spoofing. (932) - The application trusts root X.509 certificates signed with the MD2 algorithm. (933) - Certificates which use a wild card immediately before the top level domain, or nulls in the domain name, may pass validation checks in Opera. Sites using such certificates may then incorrectly be presented as secure. (934)
    last seen2020-06-01
    modified2020-06-02
    plugin id40827
    published2009-09-01
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40827
    titleOpera < 10.0 Multiple Vulnerabilities
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(40827);
  script_version("1.11");

  script_cve_id(
    "CVE-2009-3044",
    "CVE-2009-3045",
    "CVE-2009-3046",
    "CVE-2009-3047",
    "CVE-2009-3049"
  );
  script_bugtraq_id(36202);
  script_xref(name:"Secunia", value:"36414");
  
  script_name(english:"Opera < 10.0 Multiple Vulnerabilities");
  script_summary(english:"Checks version number of Opera");

  script_set_attribute(attribute:"synopsis",value:
"The remote host contains a web browser that is affected by multiple
issues."
  );
  script_set_attribute(attribute:"description", value:
"The version of Opera installed on the remote host is earlier than
10.0 and thus reportedly affected by multiple issues :

  - Opera does not check the revocation status for
    intermediate certificates not served by the server. If
    the intermediate is revoked, this might not impact the
    security rating in Opera, and the site might be shown as
    secure. (929)

  - The collapsed Address bar can in some cases temporarily
    show the previous domain of the present site. (930)

  - Some Unicode characters are treated incorrectly which
    might cause international domain names that use them to
    be shown in the wrong format. Showing these addresses in
    Unicode instead of punycode could allow for limited
    address spoofing. (932)

  - The application trusts root X.509 certificates signed 
    with the MD2 algorithm. (933)

  - Certificates which use a wild card immediately before
    the top level domain, or nulls in the domain name, may
    pass validation checks in Opera. Sites using such
    certificates may then incorrectly be presented as
    secure. (934)"
  );

  script_set_attribute(attribute:"see_also",
    value:"http://web.archive.org/web/20130225215019/http://www.opera.com/support/kb/view/929/"
  );
  script_set_attribute(attribute:"see_also",
    value:"http://web.archive.org/web/20130225215023/http://www.opera.com/support/kb/view/930/"
  );
  script_set_attribute(attribute:"see_also",
    value:"http://web.archive.org/web/20130225215026/http://www.opera.com/support/kb/view/932/"
  );
  script_set_attribute(attribute:"see_also",
    value:"http://web.archive.org/web/20130225215016/http://www.opera.com/support/kb/view/933/"
  );
  script_set_attribute(attribute:"see_also",
    value:"http://web.archive.org/web/20130225215029/http://www.opera.com/support/kb/view/934/"
  );
  script_set_attribute(attribute:"solution", 
    value:"Upgrade to Opera 10.0 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(264, 310);
  script_set_attribute(attribute:"vuln_publication_date",
    value:"2009/09/01"
  );
  script_set_attribute(attribute:"patch_publication_date",
    value:"2009/09/01"
  );
  script_set_attribute(attribute:"plugin_publication_date",
    value:"2009/09/01"
  );
 script_cvs_date("Date: 2018/11/15 20:50:27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser");
script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

  script_dependencies("opera_installed.nasl");
  script_require_keys("SMB/Opera/Version");

  exit(0);
}

include("global_settings.inc");

version_ui = get_kb_item("SMB/Opera/Version_UI");
version = get_kb_item("SMB/Opera/Version");
if (isnull(version)) exit(1, "Opera version info was not found in the registry.");

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

if (ver[0] < 10)
{
  if (report_verbosity > 0 && version_ui)
  {
    report = string(
      "\n",
      "Opera ", version_ui, " is currently installed on the remote host.\n"
    );
    security_warning(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_warning(port:get_kb_item("SMB/transport"));
}
exit(0, "The installed version of Opera is not affected");
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201206-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201206-03 (Opera: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted web page, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. A remote attacker may be able to: trick users into downloading and executing arbitrary files, bypass intended access restrictions, spoof trusted content, spoof URLs, bypass the Same Origin Policy, obtain sensitive information, force subscriptions to arbitrary feeds, bypass the popup blocker, bypass CSS filtering, conduct cross-site scripting attacks, or have other unknown impact. A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application or possibly obtain sensitive information. A physically proximate attacker may be able to access an email account. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id59631
    published2012-06-21
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59631
    titleGLSA-201206-03 : Opera: Multiple vulnerabilities
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201206-03.
#
# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(59631);
  script_version("1.7");
  script_cvs_date("Date: 2019/10/16 10:34:21");

  script_cve_id("CVE-2009-1234", "CVE-2009-2059", "CVE-2009-2063", "CVE-2009-2067", "CVE-2009-2070", "CVE-2009-3013", "CVE-2009-3044", "CVE-2009-3045", "CVE-2009-3046", "CVE-2009-3047", "CVE-2009-3048", "CVE-2009-3049", "CVE-2009-3831", "CVE-2009-4071", "CVE-2009-4072", "CVE-2010-0653", "CVE-2010-1349", "CVE-2010-1989", "CVE-2010-1993", "CVE-2010-2121", "CVE-2010-2421", "CVE-2010-2455", "CVE-2010-2576", "CVE-2010-2658", "CVE-2010-2659", "CVE-2010-2660", "CVE-2010-2661", "CVE-2010-2662", "CVE-2010-2663", "CVE-2010-2664", "CVE-2010-2665", "CVE-2010-3019", "CVE-2010-3020", "CVE-2010-3021", "CVE-2010-4579", "CVE-2010-4580", "CVE-2010-4581", "CVE-2010-4582", "CVE-2010-4583", "CVE-2010-4584", "CVE-2010-4585", "CVE-2010-4586", "CVE-2011-0681", "CVE-2011-0682", "CVE-2011-0683", "CVE-2011-0684", "CVE-2011-0685", "CVE-2011-0686", "CVE-2011-0687", "CVE-2011-1337", "CVE-2011-1824", "CVE-2011-2609", "CVE-2011-2610", "CVE-2011-2611", "CVE-2011-2612", "CVE-2011-2613", "CVE-2011-2614", "CVE-2011-2615", "CVE-2011-2616", "CVE-2011-2617", "CVE-2011-2618", "CVE-2011-2619", "CVE-2011-2620", "CVE-2011-2621", "CVE-2011-2622", "CVE-2011-2623", "CVE-2011-2624", "CVE-2011-2625", "CVE-2011-2626", "CVE-2011-2627", "CVE-2011-2628", "CVE-2011-2629", "CVE-2011-2630", "CVE-2011-2631", "CVE-2011-2632", "CVE-2011-2633", "CVE-2011-2634", "CVE-2011-2635", "CVE-2011-2636", "CVE-2011-2637", "CVE-2011-2638", "CVE-2011-2639", "CVE-2011-2640", "CVE-2011-2641", "CVE-2011-3388", "CVE-2011-4065", "CVE-2011-4681", "CVE-2011-4682", "CVE-2011-4683", "CVE-2012-1924", "CVE-2012-1925", "CVE-2012-1926", "CVE-2012-1927", "CVE-2012-1928", "CVE-2012-1930", "CVE-2012-1931", "CVE-2012-3555", "CVE-2012-3556", "CVE-2012-3557", "CVE-2012-3558", "CVE-2012-3560", "CVE-2012-3561");
  script_xref(name:"GLSA", value:"201206-03");

  script_name(english:"GLSA-201206-03 : Opera: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-201206-03
(Opera: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Opera. Please review
      the CVE identifiers referenced below for details.
  
Impact :

    A remote attacker could entice a user to open a specially crafted web
      page, possibly resulting in execution of arbitrary code with the
      privileges of the process or a Denial of Service condition. A remote
      attacker may be able to: trick users into downloading and executing
      arbitrary files, bypass intended access restrictions, spoof trusted
      content, spoof URLs, bypass the Same Origin Policy, obtain sensitive
      information, force subscriptions to arbitrary feeds, bypass the popup
      blocker, bypass CSS filtering, conduct cross-site scripting attacks, or
      have other unknown impact.
    A local attacker could perform symlink attacks to overwrite arbitrary
      files with the privileges of the user running the application or possibly
      obtain sensitive information.
    A physically proximate attacker may be able to access an email account.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201206-03"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All Opera users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=www-client/opera-12.00.1467'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(16, 20, 79, 94, 264, 287, 310);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:opera");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/04/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/06/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/21");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"www-client/opera", unaffected:make_list("ge 12.00.1467"), vulnerable:make_list("lt 12.00.1467"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Opera");
}

Oval

accepted2014-03-17T04:00:28.529-04:00
classvulnerability
contributors
  • nameChandan S
    organizationSecPod Technologies
  • nameJosh Turpin
    organizationSymantec Corporation
  • nameMaria Kedovskaya
    organizationALTX-SOFT
  • nameMaria Mikhno
    organizationALTX-SOFT
definition_extensions
commentOpera Browser is installed
ovaloval:org.mitre.oval:def:6482
descriptionOpera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
familywindows
idoval:org.mitre.oval:def:6444
statusaccepted
submitted2009-09-24T12:57:10
titleOpera before 10.00 does not properly handle a \0 character or invalid wildcard character
version11

References