Vulnerabilities > CVE-2011-2618 - Resource Management Errors vulnerability in Opera Browser

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
opera
CWE-399
nessus

Summary

Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via web script that moves a (1) AUDIO element or (2) VIDEO element between windows.

Vulnerable Configurations

Part Description Count
Application
Opera
123

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyWindows
    NASL idOPERA_1150.NASL
    descriptionThe version of Opera installed on the remote Windows host is earlier than 11.50 and thus potentially affected by multiple vulnerabilities: - An error exists in the handling of data URIs that allows cross-site scripting in some unspecified cases. (Issue #995) - An error exists in the browser
    last seen2020-06-01
    modified2020-06-02
    plugin id55470
    published2011-06-30
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55470
    titleOpera < 11.50 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(55470);
      script_version("1.12");
      script_cvs_date("Date: 2018/11/15 20:50:27");
    
      script_cve_id(
        "CVE-2011-1337", 
        "CVE-2011-2609", 
        "CVE-2011-2610",
        "CVE-2011-2611",
        "CVE-2011-2612",
        "CVE-2011-2613",
        "CVE-2011-2614",
        "CVE-2011-2615",
        "CVE-2011-2616",
        "CVE-2011-2617",
        "CVE-2011-2618",
        "CVE-2011-2619",
        "CVE-2011-2620",
        "CVE-2011-2621",
        "CVE-2011-2622",
        "CVE-2011-2623",
        "CVE-2011-2624",
        "CVE-2011-2625",
        "CVE-2011-2626",
        "CVE-2011-2627" 
      );
      script_bugtraq_id(48500, 48501, 48556, 48568);
      script_xref(name:"Secunia", value:"45060");
    
      script_name(english:"Opera < 11.50 Multiple Vulnerabilities");
      script_summary(english:"Checks version number of Opera");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host contains a web browser that is affected by multiple
    vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Opera installed on the remote Windows host is earlier
    than 11.50 and thus potentially affected by multiple vulnerabilities:
    
      - An error exists in the handling of data URIs that
        allows cross-site scripting in some unspecified cases. 
        (Issue #995)
    
      - An error exists in the browser's handling of error 
        pages. Opera generates error pages in response to an
        invalid URL. If enough invalid URLs are attempted, the
        host's disk space is eventually filled, the browser
        crashes and the error files are left behind. 
        (Issue #996)
    
      - An additional, moderately severe and unspecified error
        exists. Details regarding this error are to be released
        in the future. (CVE-2011-2610)
    
      - Several unspecified errors exist that can cause 
        application crashes. Affected items or functionaility
        are: printing, unspecified web content, JavaScript
        Array.prototype.join method, drawing paths with many
        characters, selecting text nodes, iframes, 
        closed or removed pop-up windows, moving audio or
        video elements between windows, canvas elements, SVG
        items, CSS files, form layouts, web workers, SVG BiDi,
        large tables and print preview, select elements with
        many items, and the src attribute of the iframe element.
        (CVE-2011-2611, CVE-2011-2612, CVE-2011-2613, 
        CVE-2011-2614, CVE-2011-2615, CVE-2011-2616,
        CVE-2011-2617, CVE-2011-2618, CVE-2011-2619,
        CVE-2011-2620, CVE-2011-2621, CVE-2011-2622,
        CVE-2011-2623, CVE-2011-2624, CVE-2011-2625,
        CVE-2011-2626, CVE-2011-2627)");
      script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130223103501/http://www.opera.com/support/kb/view/995/");
      script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130223103505/http://www.opera.com/support/kb/view/996/");
      script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20170912120426/http://www.opera.com/docs/changelogs/windows/1150/");
      script_set_attribute(attribute:"solution", value:"Upgrade to Opera 11.50 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/06/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/06/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/06/30");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      script_dependencies("opera_installed.nasl");
      script_require_keys("SMB/Opera/Version");
    
      exit(0);
    }
    
    include("global_settings.inc");
    include("misc_func.inc");
    
    version = get_kb_item_or_exit("SMB/Opera/Version");
    version_ui = get_kb_item("SMB/Opera/Version_UI");
    
    if (isnull(version_ui)) version_report = version;
    else version_report = version_ui; 
    
    fixed_version = "11.50.1074.0";
    
    # Check if we need to display full version info in case of Alpha/Beta/RC
    major_minor = eregmatch(string:version, pattern:"^([0-9]+\.[0-9]+)");
    if (major_minor[1] == "11.50")
    {
      fixed_version_report = fixed_version;
      version_report = version;
    }
    else
      fixed_version_report = "11.50";
    
    if (ver_compare(ver:version, fix:fixed_version) == -1)
    {
      if (report_verbosity > 0)
      {
        install_path = get_kb_item("SMB/Opera/Path");
    
        report = 
          '\n  Path              : ' + install_path +
          '\n  Installed version : ' + version_report +
          '\n  Fixed version     : ' + fixed_version_report +
          '\n';
        security_hole(port:get_kb_item("SMB/transport"), extra:report);
      }
      else security_hole(port:get_kb_item("SMB/transport"));
      exit(0);
    }
    else exit(0, "The host is not affected since Opera "+version_report+" is installed.");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_OPERA-110711.NASL
    descriptionopera 11.50 has been released, fixing numerous vulnerabilities. The full changelog is available at http://www.opera.com/docs/changelogs/unix/1150/
    last seen2020-06-01
    modified2020-06-02
    plugin id75696
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75696
    titleopenSUSE Security Update : opera (openSUSE-SU-2011:0790-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update opera-4860.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75696);
      script_version("1.5");
      script_cvs_date("Date: 2019/10/25 13:36:41");
    
      script_cve_id("CVE-2011-1337", "CVE-2011-2609", "CVE-2011-2610", "CVE-2011-2611", "CVE-2011-2612", "CVE-2011-2613", "CVE-2011-2614", "CVE-2011-2615", "CVE-2011-2616", "CVE-2011-2617", "CVE-2011-2618", "CVE-2011-2619", "CVE-2011-2620", "CVE-2011-2621", "CVE-2011-2622", "CVE-2011-2623", "CVE-2011-2624", "CVE-2011-2625", "CVE-2011-2626", "CVE-2011-2627");
    
      script_name(english:"openSUSE Security Update : opera (openSUSE-SU-2011:0790-1)");
      script_summary(english:"Check for the opera-4860 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "opera 11.50 has been released, fixing numerous vulnerabilities.
    
    The full changelog is available at
    http://www.opera.com/docs/changelogs/unix/1150/"
      );
      # http://www.opera.com/docs/changelogs/unix/1150/
      script_set_attribute(
        attribute:"see_also",
        value:"https://help.opera.com/en/latest/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=703668"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-07/msg00020.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected opera packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:opera");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:opera-gtk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:opera-kde4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/07/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.3", reference:"opera-11.50-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"opera-gtk-11.50-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.3", reference:"opera-kde4-11.50-0.2.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "opera");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201206-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201206-03 (Opera: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted web page, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. A remote attacker may be able to: trick users into downloading and executing arbitrary files, bypass intended access restrictions, spoof trusted content, spoof URLs, bypass the Same Origin Policy, obtain sensitive information, force subscriptions to arbitrary feeds, bypass the popup blocker, bypass CSS filtering, conduct cross-site scripting attacks, or have other unknown impact. A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application or possibly obtain sensitive information. A physically proximate attacker may be able to access an email account. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id59631
    published2012-06-21
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/59631
    titleGLSA-201206-03 : Opera: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201206-03.
    #
    # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(59631);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/16 10:34:21");
    
      script_cve_id("CVE-2009-1234", "CVE-2009-2059", "CVE-2009-2063", "CVE-2009-2067", "CVE-2009-2070", "CVE-2009-3013", "CVE-2009-3044", "CVE-2009-3045", "CVE-2009-3046", "CVE-2009-3047", "CVE-2009-3048", "CVE-2009-3049", "CVE-2009-3831", "CVE-2009-4071", "CVE-2009-4072", "CVE-2010-0653", "CVE-2010-1349", "CVE-2010-1989", "CVE-2010-1993", "CVE-2010-2121", "CVE-2010-2421", "CVE-2010-2455", "CVE-2010-2576", "CVE-2010-2658", "CVE-2010-2659", "CVE-2010-2660", "CVE-2010-2661", "CVE-2010-2662", "CVE-2010-2663", "CVE-2010-2664", "CVE-2010-2665", "CVE-2010-3019", "CVE-2010-3020", "CVE-2010-3021", "CVE-2010-4579", "CVE-2010-4580", "CVE-2010-4581", "CVE-2010-4582", "CVE-2010-4583", "CVE-2010-4584", "CVE-2010-4585", "CVE-2010-4586", "CVE-2011-0681", "CVE-2011-0682", "CVE-2011-0683", "CVE-2011-0684", "CVE-2011-0685", "CVE-2011-0686", "CVE-2011-0687", "CVE-2011-1337", "CVE-2011-1824", "CVE-2011-2609", "CVE-2011-2610", "CVE-2011-2611", "CVE-2011-2612", "CVE-2011-2613", "CVE-2011-2614", "CVE-2011-2615", "CVE-2011-2616", "CVE-2011-2617", "CVE-2011-2618", "CVE-2011-2619", "CVE-2011-2620", "CVE-2011-2621", "CVE-2011-2622", "CVE-2011-2623", "CVE-2011-2624", "CVE-2011-2625", "CVE-2011-2626", "CVE-2011-2627", "CVE-2011-2628", "CVE-2011-2629", "CVE-2011-2630", "CVE-2011-2631", "CVE-2011-2632", "CVE-2011-2633", "CVE-2011-2634", "CVE-2011-2635", "CVE-2011-2636", "CVE-2011-2637", "CVE-2011-2638", "CVE-2011-2639", "CVE-2011-2640", "CVE-2011-2641", "CVE-2011-3388", "CVE-2011-4065", "CVE-2011-4681", "CVE-2011-4682", "CVE-2011-4683", "CVE-2012-1924", "CVE-2012-1925", "CVE-2012-1926", "CVE-2012-1927", "CVE-2012-1928", "CVE-2012-1930", "CVE-2012-1931", "CVE-2012-3555", "CVE-2012-3556", "CVE-2012-3557", "CVE-2012-3558", "CVE-2012-3560", "CVE-2012-3561");
      script_xref(name:"GLSA", value:"201206-03");
    
      script_name(english:"GLSA-201206-03 : Opera: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201206-03
    (Opera: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in Opera. Please review
          the CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker could entice a user to open a specially crafted web
          page, possibly resulting in execution of arbitrary code with the
          privileges of the process or a Denial of Service condition. A remote
          attacker may be able to: trick users into downloading and executing
          arbitrary files, bypass intended access restrictions, spoof trusted
          content, spoof URLs, bypass the Same Origin Policy, obtain sensitive
          information, force subscriptions to arbitrary feeds, bypass the popup
          blocker, bypass CSS filtering, conduct cross-site scripting attacks, or
          have other unknown impact.
        A local attacker could perform symlink attacks to overwrite arbitrary
          files with the privileges of the user running the application or possibly
          obtain sensitive information.
        A physically proximate attacker may be able to access an email account.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201206-03"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Opera users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=www-client/opera-12.00.1467'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(16, 20, 79, 94, 264, 287, 310);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:opera");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/04/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/06/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"www-client/opera", unaffected:make_list("ge 12.00.1467"), vulnerable:make_list("lt 12.00.1467"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Opera");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_OPERA-110707.NASL
    descriptionopera 11.50 fixes several security vulnerabilities. The full changelog is available at http://www.opera.com/docs/changelogs/unix/1150/
    last seen2020-06-01
    modified2020-06-02
    plugin id75983
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75983
    titleopenSUSE Security Update : opera (openSUSE-SU-2011:0790-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update opera-4853.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75983);
      script_version("1.5");
      script_cvs_date("Date: 2019/10/25 13:36:42");
    
      script_cve_id("CVE-2011-1337", "CVE-2011-2609", "CVE-2011-2610", "CVE-2011-2611", "CVE-2011-2612", "CVE-2011-2613", "CVE-2011-2614", "CVE-2011-2615", "CVE-2011-2616", "CVE-2011-2617", "CVE-2011-2618", "CVE-2011-2619", "CVE-2011-2620", "CVE-2011-2621", "CVE-2011-2622", "CVE-2011-2623", "CVE-2011-2624", "CVE-2011-2625", "CVE-2011-2626", "CVE-2011-2627");
    
      script_name(english:"openSUSE Security Update : opera (openSUSE-SU-2011:0790-1)");
      script_summary(english:"Check for the opera-4853 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "opera 11.50 fixes several security vulnerabilities.
    
    The full changelog is available at
    http://www.opera.com/docs/changelogs/unix/1150/"
      );
      # http://www.opera.com/docs/changelogs/unix/1150/
      script_set_attribute(
        attribute:"see_also",
        value:"https://help.opera.com/en/latest/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=703668"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2011-07/msg00020.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected opera packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:opera");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:opera-gtk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:opera-kde4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/07/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.4", reference:"opera-11.50-0.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"opera-gtk-11.50-0.3.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"opera-kde4-11.50-0.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "opera / opera-gtk / opera-kde4");
    }
    

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 48556 CVE ID: CVE-2011-2611,CVE-2011-2612,CVE-2011-2613,CVE-2011-2614,CVE-2011-2615,CVE-2011-2616,CVE-2011-2617,CVE-2011-2618,CVE-2011-2619,CVE-2011-2620,CVE-2011-2621,CVE-2011-2622,CVE-2011-2623,CVE-2011-2624,CVE-2011-2625,CVE-2011-2626,CVE-2011-2627 Opera为来自挪威的一个极为出色的浏览器,具有速度快、节省系统资源、订制能力强、安全性高以及体积小等特点,目前已经是最受欢迎的浏览器之一。 Opera浏览器在实现上时存在多个远程拒绝服务漏洞,远程攻击者可利用这些漏洞使受影响应用程序崩溃,拒绝服务合法用户。 Opera Software Opera Web Browser 9.x Opera Software Opera Web Browser 11.x Opera Software Opera Web Browser 10.x 厂商补丁: Opera Software -------------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.opera.com/support/
idSSV:20703
last seen2017-11-19
modified2011-07-07
published2011-07-07
reporterRoot
titleOpera Web浏览器多个远程拒绝服务漏洞