VIA Root
Opera bug crashes browser and may allow for remote code execution
By Hugo Jean, Heptacube Inc.
Opera
2010-03-09 16:55:32

The buffer overflow, which occurs while Opera processes HTTP responses, was announced by Marcin Ressel (a.k.a. ~echo) following the release of version 10.50 of the Opera Web browser. Here is the description offered by Secunia:
"Marcin Ressel has discovered a vulnerability in Opera, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when processing HTTP responses having a malformed 'Content-Length' header. This can be exploited to cause a heap-based buffer overflow via an overly large 64-bit 'Content-Length' value, having the higher 32-bit part negative.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 10.50 for Windows. Other versions may also be affected."
Discussion on the Opera forums suggested that this is not a vulnerability at all but simply a crash bug, since no viable exploit code seemed to be available. Some reports claim the opposite. A post made Friday on the SANS Institute Web site states that "several mailing lists and readers (Juha-Matti) are reporting publicly available exploits for Opera 10.50 for Windows and below." SANS, like Secunia, considers the bug a serious threat and even advises users to stop using Opera until the alleged security hole is patched.

However, as stated previously, the bug might simply be a buffer overrun that crashes the browser and nothing more. The Secunia advisory says that "successful exploitation may allow execution of arbitrary code", not that it necessarily does. And despite the claims made by Kyle Haugsness on sans.org, the existence of working exploit code for this vulnerability cannot be verified at this time.

Finally, The Register reported that Thomas Ford of Opera said they "believe that the bug primarily causes a crash, and that exploiting the vulnerability to execute code is extremely difficult, if not impossible." Opera users are also advised to enable Data Execution Prevention on Windows systems, as "in [Opera's] testing, DEP mitigates the problem and should protect the system."

It is unknown whether Opera on OS X is at risk, or whether there is a way to mitigate the potential threat on that platform.
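
The Secunia description above concerns a 64-bit 'Content-Length' value whose upper 32 bits are negative. As an added illustration (not Opera's code, which the advisory does not show, and not taken from Secunia), the C example below puts a strict header parser that rejects such values beside what a consumer keeping only the low 32 bits would compute. The function names, the 256 MiB cap and the sample value are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical policy cap on an accepted body size (assumption, not Opera's). */
#define MAX_BODY_BYTES (256ULL * 1024 * 1024)

/* Strict Content-Length parser: decimal digits only, no sign or whitespace,
 * no 64-bit wraparound, and bounded by MAX_BODY_BYTES. Returns 0 on success. */
int parse_content_length(const char *s, uint64_t *out)
{
    uint64_t v = 0;
    if (s == NULL || *s == '\0')
        return -1;
    for (; *s != '\0'; s++) {
        if (*s < '0' || *s > '9')
            return -1;                       /* rejects "-1", "+5", "12abc" */
        uint64_t d = (uint64_t)(*s - '0');
        if (v > (UINT64_MAX - d) / 10)
            return -1;                       /* would wrap past 2^64 - 1 */
        v = v * 10 + d;
    }
    if (v > MAX_BODY_BYTES)
        return -1;                           /* above the configured cap */
    *out = v;
    return 0;
}

/* What a consumer that keeps only the low 32 bits would use as a size. */
uint32_t truncated_low32(const char *s)
{
    return (uint32_t)strtoull(s, NULL, 10);
}

/* The high 32 bits of the same value, viewed as a signed integer. */
int32_t signed_high32(const char *s)
{
    return (int32_t)(uint32_t)(strtoull(s, NULL, 10) >> 32);
}

int main(void)
{
    /* Constructed sample: 0xFFFFFFFF00000010 written in decimal. */
    const char *sample = "18446744069414584336";
    uint64_t len = 0;
    printf("low32=%u high32=%d strict=%d\n", (unsigned)truncated_low32(sample),
           (int)signed_high32(sample), parse_content_length(sample, &len));
    return 0;
}
```

The point for a reviewer is that the length must be validated as a whole 64-bit quantity against a cap before any part of it is used to size a buffer.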










Tags
bug crash Opera PoC vulnerability