 | |
| |
| 04 Mar 2010 | |
| Windows 7 RTM 83 posts | Heads up Opera users. New Vulnerability. Opera's latest release of 10.5 has a 'highly critical' security flaw. Secuina reports that this vulnerability may allow execution of remote code, and that it may also impact version 10.1 as well as 10.5. You can read more about it at this link. Quote: Marcin Ressel has discovered a vulnerability in Opera, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when processing HTTP responses having a malformed "Content-Length" header. This can be exploited to cause a heap-based buffer overflow via an overly large 64-bit "Content-Length" value, having the higher 32-bit part negative. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in version 10.50 for Windows. Other versions may also be affected. Solution Do not browse untrusted websites or follow untrusted links. |
My System Specs | |
| 05 Mar 2010 | |
| Win XP 5 posts | Secunia advisory 38820 (Content-Length Buffer Overflow in 10.50) turned out to be invalid. It is not exploitable. Twitter / Haavard: Secunia advisory 38820 (Co ... |
| My System Specs |
| 05 Mar 2010 | |
| Windows 7 RTM 83 posts | 
Quote: Originally Posted by sa1  Secunia advisory 38820 (Content-Length Buffer Overflow in 10.50) turned out to be invalid. It is not exploitable. Twitter / Haavard: Secunia advisory 38820 (Co ... I'm pretty sure they're going to get into BIG trouble over this one if they play it that way. That's what got Adobe into trouble with the Aurora attacks, and one of the reasons that Google got hacked. |
| My System Specs |
| . |
| |
| 05 Mar 2010 | |
| Win XP 5 posts | Can you PM me a link where the php code works? (Only if its acceptable to you. I won't spread it.). I want to try for myself. I don't know if they are playing the security-by-obscurity card. But haavard is only an employee and this is not the official Opera reply yet. At least they have a good track record at patching vulnerabilities quickly that do make it out into the open unlike IE. So hopefully if what you are saying is true, it should be fixed quickly. |
| My System Specs |
| 05 Mar 2010 | |
| Windows 7 RTM 83 posts |
Quote: Originally Posted by sa1 Can you PM me a link where the php code works? (Only if its acceptable to you. I won't spread it.). I want to try for myself. I don't know if they are playing the security-by-obscurity card. But haavard is only an employee and this is not the official Opera reply yet. At least they have a good track record at patching vulnerabilities quickly that do make it out into the open unlike IE. So hopefully if what you are saying is true, it should be fixed quickly. Notable, SANS just picked up this story as well. Their reporting says that there are actually two overflow vulnerabilities - one is a DoS crash, the other allows remote code execution. See this story for more details. |
| My System Specs |
| 05 Mar 2010 | |
| Windows® 8 Pro (64-bit) 8,233 posts Mumbai, India | Never used Opera. |
| My System Specs |
| 05 Mar 2010 | |
| Win XP 5 posts | Don't know why I am not configured to receive PMs but I didn't find an option. However I found the php exploit on the web. I was not able to make it run on my localhost. Not sure if there are any requirements. Regarding the DoS problem, thats not a security issue in my opinion, more a stability issue. You won't be compromised that way. Edit: haavard posted yet another message: http://twitter.com/opvard/status/10034578436 Last edited by sa1; 05 Mar 2010 at 01:28 PM.. |
| My System Specs |
| 06 Mar 2010 | |
| Windows 7 Home Premium 64-bit 428 posts |
Quote: Originally Posted by Dinesh Never used Opera. |
| My System Specs |
| 06 Mar 2010 | |
| Windows Seven x64 177 posts Wildomar |
Quote: Originally Posted by TheIgster
Quote: Originally Posted by Dinesh Never used Opera. allkpop ? breaking k-pop celebrity gossip and news! Believe me i like Opera a lot but its still not ready. Its adobe issue with flash but I also hate that it appears with multiples on my task bar instead of me using the tabs built into the browser. I like the sleekness but what made it a very fun browser has me lost. I am not willing to part because of its gestures for right and left clicking with forward and backwards on web-pages. Jump-list and private is nice but I think ill roll back to 10.1 today |
| My System Specs |
| 06 Mar 2010 | |
| Windows 7 Ultimate 32-bit Version 6.1 (build 7600.16385) 152 posts Where cyclones in the Pacific hit first | Awww...I was just planning on a move. Oh well back to Firefox...  |
| My System Specs |
 |
Heads up Opera users. New Vulnerability. problems?
| Thread Tools | |
| Similar help and support threads for: Heads up Opera users. New Vulnerability. | ||||
| Thread | Forum | |||
 Heads up for Gmail Users | Browsers & Mail | |||
| Opera Hit by Critical 0-Day Vulnerability | Security News | |||
| Highly Critical Vulnerability Discovered in Opera 10.52 | Browsers & Mail | |||
| Highly Critical Vulnerability Discovered in Opera 10.52 | Security News | |||
| Confusion about Opera vulnerability. | Browsers & Mail | |||
All times are GMT -5. The time now is 03:02 AM.
