Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.



Windows 7: Heads up Opera users. New Vulnerability.

04 Mar 2010   #1

Windows 7 RTM
 
 
Heads up Opera users. New Vulnerability.

Opera's latest release of 10.5 has a 'highly critical' security flaw. Secuina reports that this vulnerability may allow execution of remote code, and that it may also impact version 10.1 as well as 10.5. You can read more about it at this link.

Quote:
Marcin Ressel has discovered a vulnerability in Opera, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when processing HTTP responses having a malformed "Content-Length" header. This can be exploited to cause a heap-based buffer overflow via an overly large 64-bit "Content-Length" value, having the higher 32-bit part negative.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 10.50 for Windows. Other versions may also be affected.

Solution
Do not browse untrusted websites or follow untrusted links.


My System SpecsSystem Spec
.

05 Mar 2010   #2
sa1

Win XP
 
 

Secunia advisory 38820 (Content-Length Buffer Overflow in 10.50) turned out to be invalid. It is not exploitable.

Twitter / Haavard: Secunia advisory 38820 (Co ...
My System SpecsSystem Spec
05 Mar 2010   #3

Windows 7 RTM
 
 

Quote   Quote: Originally Posted by sa1 View Post
Secunia advisory 38820 (Content-Length Buffer Overflow in 10.50) turned out to be invalid. It is not exploitable.

Twitter / Haavard: Secunia advisory 38820 (Co ...
Oh believe me, it's exploitable. Plenty much so. There are proof of concept attacks already published on the web, but I won't link to live exploits on this forum. I wouldn't be surprised if Opera is just trying to downplay this issue to the point of making people not care about it, because they just released 10.5 and it'll be another few months before they fix the gaping security hole.

I'm pretty sure they're going to get into BIG trouble over this one if they play it that way. That's what got Adobe into trouble with the Aurora attacks, and one of the reasons that Google got hacked.
My System SpecsSystem Spec
.


05 Mar 2010   #4
sa1

Win XP
 
 

Can you PM me a link where the php code works? (Only if its acceptable to you. I won't spread it.). I want to try for myself.
I don't know if they are playing the security-by-obscurity card. But haavard is only an employee and this is not the official Opera reply yet. At least they have a good track record at patching vulnerabilities quickly that do make it out into the open unlike IE. So hopefully if what you are saying is true, it should be fixed quickly.
My System SpecsSystem Spec
05 Mar 2010   #5

Windows 7 RTM
 
 

Quote   Quote: Originally Posted by sa1 View Post
Can you PM me a link where the php code works? (Only if its acceptable to you. I won't spread it.). I want to try for myself.
I don't know if they are playing the security-by-obscurity card. But haavard is only an employee and this is not the official Opera reply yet. At least they have a good track record at patching vulnerabilities quickly that do make it out into the open unlike IE. So hopefully if what you are saying is true, it should be fixed quickly.
Sure, I'll PM you with the URL to the PHP exploit as soon as I can. EDIT: For some reason the forums say you've been set to not receive private messages. Sorry, I can't seem to send you the link because of this!

Notable, SANS just picked up this story as well. Their reporting says that there are actually two overflow vulnerabilities - one is a DoS crash, the other allows remote code execution. See this story for more details.
My System SpecsSystem Spec
05 Mar 2010   #6

Windows® 8 Pro (64-bit)
 
 

Never used Opera.
My System SpecsSystem Spec
05 Mar 2010   #7
sa1

Win XP
 
 

Don't know why I am not configured to receive PMs but I didn't find an option.
However I found the php exploit on the web.
I was not able to make it run on my localhost. Not sure if there are any requirements.
Regarding the DoS problem, thats not a security issue in my opinion, more a stability issue. You won't be compromised that way.
Edit: haavard posted yet another message:
http://twitter.com/opvard/status/10034578436
My System SpecsSystem Spec
06 Mar 2010   #8

Windows 7 Home Premium 64-bit
 
 

Quote   Quote: Originally Posted by Dinesh View Post
Never used Opera.
Then you are missing out. Opera is the ONLY browser I will ever use. This 10.50 version is fast...very, very fast.
My System SpecsSystem Spec
06 Mar 2010   #9

Windows Seven x64
 
 

Quote   Quote: Originally Posted by TheIgster View Post
Quote   Quote: Originally Posted by Dinesh View Post
Never used Opera.
Then you are missing out. Opera is the ONLY browser I will ever use. This 10.50 version is fast...very, very fast.
Eh I dont know it crashes on heavy flash based websites like this sometimes.
allkpop ? breaking k-pop celebrity gossip and news!

Believe me i like Opera a lot but its still not ready. Its adobe issue with flash but I also hate that it appears with multiples on my task bar instead of me using the tabs built into the browser. I like the sleekness but what made it a very fun browser has me lost. I am not willing to part because of its gestures for right and left clicking with forward and backwards on web-pages.
Jump-list and private is nice but I think ill roll back to 10.1 today
My System SpecsSystem Spec
06 Mar 2010   #10

Windows 7 Ultimate 32-bit Version 6.1 (build 7600.16385)
 
 

Awww...I was just planning on a move. Oh well back to Firefox...
My System SpecsSystem Spec
Reply

 Heads up Opera users. New Vulnerability.





Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 09:03 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33