Vulnerabilities > CVE-2009-3831 - Out-of-bounds Write vulnerability in Opera Browser
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_2_OPERA-091109.NASL description Version upgrade of Opera to 10.1 to fix : - CVE-2009-3265: CVSS v2 Base Score: 4.3 CVE-2009-3266: CVSS v2 Base Score: 4.3 two XSS attacks via RSS/Atom - CVE-2009-3831: CVSS v2 Base Score: 9.3 possible remote arbitrary code execution via crafted domain names last seen 2020-06-01 modified 2020-06-02 plugin id 42464 published 2009-11-11 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42464 title openSUSE Security Update : opera (opera-1532) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update opera-1532. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(42464); script_version("1.9"); script_cvs_date("Date: 2019/10/25 13:36:35"); script_cve_id("CVE-2009-3265", "CVE-2009-3266", "CVE-2009-3831"); script_name(english:"openSUSE Security Update : opera (opera-1532)"); script_summary(english:"Check for the opera-1532 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Version upgrade of Opera to 10.1 to fix : - CVE-2009-3265: CVSS v2 Base Score: 4.3 CVE-2009-3266: CVSS v2 Base Score: 4.3 two XSS attacks via RSS/Atom - CVE-2009-3831: CVSS v2 Base Score: 9.3 possible remote arbitrary code execution via crafted domain names" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=541665" ); script_set_attribute(attribute:"solution", value:"Update the affected opera package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(79, 94); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:opera"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2"); script_set_attribute(attribute:"patch_publication_date", value:"2009/11/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE11.2", reference:"opera-10.01-1.1.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "opera"); }NASL family Windows NASL id OPERA_1001.NASL description The version of Opera installed on the remote host is earlier than 10.01. Such versions are potential affected by multiple issues : - Specially crafted domain names can cause a memory corruption in Opera, which may lead to a crash or possibly remote code execution. (938) - Opera may allow scripts to run on the feed subscription page, thereby gaining access to the feeds object. (939) - In some cases, a Web font intended to be used for page content could be incorrectly used by Opera to render parts of the user interface, including the address field. (940) last seen 2020-06-01 modified 2020-06-02 plugin id 42291 published 2009-10-28 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42291 title Opera < 10.01 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(42291); script_version("1.12"); script_cve_id( "CVE-2009-3265", "CVE-2009-3266", "CVE-2009-3831", "CVE-2009-3832" ); script_bugtraq_id(36418, 36850); script_xref(name:"Secunia", value:"37182"); script_name(english:"Opera < 10.01 Multiple Vulnerabilities"); script_summary(english:"Checks version number of Opera"); script_set_attribute( attribute:"synopsis", value: "The remote host contains a web browser that is affected by multiple issues." ); script_set_attribute( attribute:"description", value: "The version of Opera installed on the remote host is earlier than 10.01. Such versions are potential affected by multiple issues : - Specially crafted domain names can cause a memory corruption in Opera, which may lead to a crash or possibly remote code execution. (938) - Opera may allow scripts to run on the feed subscription page, thereby gaining access to the feeds object. (939) - In some cases, a Web font intended to be used for page content could be incorrectly used by Opera to render parts of the user interface, including the address field. (940)" ); script_set_attribute( attribute:"see_also", value:"http://www.opera.com/support/kb/view/938/" ); script_set_attribute( attribute:"see_also", value:"http://www.opera.com/support/kb/view/939/" ); script_set_attribute( attribute:"see_also", value:"http://web.archive.org/web/20130225211702/http://www.opera.com/support/kb/view/940/" ); script_set_attribute( attribute:"see_also", value:"http://web.archive.org/web/20170713152027/http://www.opera.com:80/docs/changelogs/windows/1001/" ); script_set_attribute( attribute:"solution", value:"Upgrade to Opera 10.01 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 79, 94); script_set_attribute( attribute:"vuln_publication_date", value:"2009/10/28" ); script_set_attribute( attribute:"patch_publication_date", value:"2009/10/28" ); script_set_attribute( attribute:"plugin_publication_date", value:"2009/10/28" ); script_cvs_date("Date: 2018/11/15 20:50:27"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("opera_installed.nasl"); script_require_keys("SMB/Opera/Version"); exit(0); } include("global_settings.inc"); version_ui = get_kb_item("SMB/Opera/Version_UI"); version = get_kb_item("SMB/Opera/Version"); if (isnull(version)) exit(1, "The 'SMB/Opera/Version' KB item is missing."); ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); if (ver[0] < 10 || (ver[0] == 10 && ver[1] < 1) ) { if (report_verbosity > 0 && version_ui) { report = string( "\n", "Opera ", version_ui, " is currently installed on the remote host.\n" ); security_hole(port:get_kb_item("SMB/transport"), extra:report); } else security_hole(port:get_kb_item("SMB/transport")); exit(0); } exit(0, "The installed version of Opera is not affected.");NASL family SuSE Local Security Checks NASL id SUSE_11_1_OPERA-091109.NASL description Version upgrade of Opera to 10.1 to fix : - CVE-2009-3265: CVSS v2 Base Score: 4.3 CVE-2009-3266: CVSS v2 Base Score: 4.3 two XSS attacks via RSS/Atom - CVE-2009-3831: CVSS v2 Base Score: 9.3 possible remote arbitrary code execution via crafted domain names last seen 2020-06-01 modified 2020-06-02 plugin id 42461 published 2009-11-11 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42461 title openSUSE Security Update : opera (opera-1532) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_2FDA6BD2C53C11DEB157001999392805.NASL description Opera Team Reports : - Fixed an issue where certain domain names could allow execution of arbitrary code, as reported by Chris Weber of Casaba Security - Fixed an issue where scripts can run on the feed subscription page, as reported by Inferno last seen 2020-06-01 modified 2020-06-02 plugin id 42331 published 2009-11-02 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/42331 title FreeBSD : opera -- multiple vulnerabilities (2fda6bd2-c53c-11de-b157-001999392805) NASL family SuSE Local Security Checks NASL id SUSE_11_0_OPERA-091109.NASL description Version upgrade of Opera to 10.1 to fix : - CVE-2009-3265: CVSS v2 Base Score: 4.3 CVE-2009-3266: CVSS v2 Base Score: 4.3 two XSS attacks via RSS/Atom - CVE-2009-3831: CVSS v2 Base Score: 9.3 possible remote arbitrary code execution via crafted domain names last seen 2020-06-01 modified 2020-06-02 plugin id 42458 published 2009-11-11 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42458 title openSUSE Security Update : opera (opera-1532) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201206-03.NASL description The remote host is affected by the vulnerability described in GLSA-201206-03 (Opera: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted web page, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. A remote attacker may be able to: trick users into downloading and executing arbitrary files, bypass intended access restrictions, spoof trusted content, spoof URLs, bypass the Same Origin Policy, obtain sensitive information, force subscriptions to arbitrary feeds, bypass the popup blocker, bypass CSS filtering, conduct cross-site scripting attacks, or have other unknown impact. A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application or possibly obtain sensitive information. A physically proximate attacker may be able to access an email account. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 59631 published 2012-06-21 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59631 title GLSA-201206-03 : Opera: Multiple vulnerabilities
Oval
| accepted | 2013-12-23T04:01:48.695-05:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name. | ||||||||||||
| family | windows | ||||||||||||
| id | oval:org.mitre.oval:def:6574 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2009-11-24T10:15:45.529 | ||||||||||||
| title | Memory corruption error in Opera before 10.01 when processing malformed domain names | ||||||||||||
| version | 9 |
References
- http://www.opera.com/docs/changelogs/unix/1001/
- http://www.opera.com/support/kb/view/938/
- http://www.vupen.com/english/advisories/2009/3073
- http://www.opera.com/docs/changelogs/mac/1001/
- http://www.securityfocus.com/bid/36850
- http://secunia.com/advisories/37182
- http://www.opera.com/docs/changelogs/windows/1001/
- http://www.osvdb.org/59357
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54020
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6574