Vulnerabilities > CVE-2013-1618 - Cryptographic Issues vulnerability in Opera Browser
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201406-14.NASL description The remote host is affected by the vulnerability described in GLSA-201406-14 (Opera: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted web page using Opera, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to obtain sensitive information, conduct Cross-Site Scripting (XSS) attacks, or bypass security restrictions. A local attacker may be able to obtain sensitive information. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 76065 published 2014-06-16 reporter This script is Copyright (C) 2014-2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/76065 title GLSA-201406-14 : Opera: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201406-14. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(76065); script_version("$Revision: 1.3 $"); script_cvs_date("$Date: 2015/04/13 14:27:08 $"); script_cve_id("CVE-2012-6461", "CVE-2012-6462", "CVE-2012-6463", "CVE-2012-6464", "CVE-2012-6465", "CVE-2012-6466", "CVE-2012-6467", "CVE-2012-6468", "CVE-2012-6469", "CVE-2012-6470", "CVE-2012-6471", "CVE-2012-6472", "CVE-2013-1618", "CVE-2013-1637", "CVE-2013-1638", "CVE-2013-1639"); script_bugtraq_id(56407, 56594, 56788, 56980, 56984, 57120, 57121, 57132, 57633, 57773); script_xref(name:"GLSA", value:"201406-14"); script_name(english:"GLSA-201406-14 : Opera: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201406-14 (Opera: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted web page using Opera, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to obtain sensitive information, conduct Cross-Site Scripting (XSS) attacks, or bypass security restrictions. A local attacker may be able to obtain sensitive information. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201406-14" ); script_set_attribute( attribute:"solution", value: "All Opera users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-client/opera-12.13_p1734'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:opera"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/06/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-client/opera", unaffected:make_list("ge 12.13_p1734"), vulnerable:make_list("lt 12.13_p1734"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Opera"); }NASL family Windows NASL id OPERA_1213.NASL description The version of Opera installed on the remote host is earlier than 12.13 and is, therefore, reportedly affected by the following vulnerabilities : - An error exists related to DOM manipulation that could lead to application crashes or arbitrary code execution. (1042) - A use-after-free error exists related to SVG last seen 2020-06-01 modified 2020-06-02 plugin id 64363 published 2013-01-30 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64363 title Opera < 12.13 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(64363); script_version("1.13"); script_cvs_date("Date: 2018/11/15 20:50:27"); script_cve_id("CVE-2013-1618", "CVE-2013-1637", "CVE-2013-1638", "CVE-2013-1639"); script_bugtraq_id(57633, 57773); script_xref(name:"EDB-ID", value:"24448"); script_name(english:"Opera < 12.13 Multiple Vulnerabilities"); script_summary(english:"Checks version number of Opera"); script_set_attribute(attribute:"synopsis", value: "The remote host contains a web browser that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Opera installed on the remote host is earlier than 12.13 and is, therefore, reportedly affected by the following vulnerabilities : - An error exists related to DOM manipulation that could lead to application crashes or arbitrary code execution. (1042) - A use-after-free error exists related to SVG 'clipPaths' that could lead to memory corruption or arbitrary code execution. (1043) - An error exists related to the TLS protocol, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (1044) - The application could fail to make the proper 'pre- flight' Cross-Origin Resource Sharing (CORS) requests. In some situations this error could aid an attacker in cross-site request forgery (CSRF) attacks. (1045) - An unspecified, low severity issue exists that has an unspecified impact."); script_set_attribute(attribute:"see_also", value:"http://www.opera.com/support/kb/view/1042/"); script_set_attribute(attribute:"see_also", value:"http://www.opera.com/support/kb/view/1043/"); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130223094425/http://www.opera.com/support/kb/view/1044/"); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130223094428/http://www.opera.com/support/kb/view/1045/"); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20170911062424/http://www.opera.com:80/docs/changelogs/unified/1213/"); script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d06fb57f"); script_set_attribute(attribute:"see_also", value:"http://www.isg.rhul.ac.uk/tls/"); script_set_attribute(attribute:"solution", value: "Upgrade to Opera 12.13 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/30"); script_set_attribute(attribute:"patch_publication_date", value:"2013/01/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/30"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("opera_installed.nasl"); script_require_keys("SMB/Opera/Version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); version = get_kb_item_or_exit("SMB/Opera/Version"); path = get_kb_item_or_exit("SMB/Opera/Path"); version_ui = get_kb_item("SMB/Opera/Version_UI"); if (isnull(version_ui)) version_report = version; else version_report = version_ui; fixed_version = "12.13.1734.0"; # Check if we need to display full version info in case of Alpha/Beta/RC major_minor = eregmatch(string:version, pattern:"^([0-9]+\.[0-9]+)"); if (major_minor[1] == "12.13") { fixed_version_report = fixed_version; version_report = version; } else fixed_version_report = "12.13"; if (ver_compare(ver:version, fix:fixed_version) == -1) { port = get_kb_item("SMB/transport"); if (!port) port = 445; set_kb_item(name:"www/"+port+"/XSRF", value:TRUE); if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + version_report + '\n Fixed version : ' + fixed_version_report + '\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_INST_PATH_NOT_VULN, "Opera", version_report, path);NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-113.NASL description Opera was updated to 12.14 version fixing stability issues. This update also consists updates for Opera 12.13 which is a recommended upgrade offering security and stability enhancements. -fixed an issue where Opera gets internal communication errors on Facebook -fixed an issue where no webpages load on startup, if Opera is disconnected from the Internet -fixed an issue where images will not load after back navigation, when a site uses the HTML5 history API (deviantart.com) -improved protection against hijacking of the default search, including a one-time reset -fixed an issue where DOM events manipulation might be used to execute arbitrary code; -fixed an issue where use of SVG clipPaths could allow execution of arbitrary code; -CVE-2013-1618: Fixed a TLS information leak. -fixed an issue where CORS requests could omit the preflight request; last seen 2020-06-05 modified 2014-06-13 plugin id 74888 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74888 title openSUSE Security Update : Opera (openSUSE-SU-2013:0289-2)