View Full Version : Another Update for Opera

28-11-2003, 07:23 PM
from IDGNet Virus & Security Watch for Friday 28 November 2003

* Another Opera update fixes multiple critical security flaws

Finnish security researcher Jouko Pynnonen has discovered two security flaws in Opera 7.22, the popular alternative to IE, suggesting users should update to Opera 7.23 as soon as practicable. Both relate to Opera's handling of 'skin' files with the first being an extension of one of the vulnerabilities discovered by S.G. Masood that we reported last week as being responsible for the release of Opera 7.22.

This newly discovered vulnerability allows a specially prepared web page to deliver files to an Opera user (through Opera's automatic download of files that seem to be skin files) and place them anywhere on the user's hard drive through the use of hex-encoded slashes in the downloaded filename (to escape the skin directory). The zip file-type checks (implemented in Opera 7.22 as a result of Masood's discoveries) are incomplete and it is possible to create executable content that passes those tests but could still be executed. Another group, calling itself 'Operash', discovered this vulnerability independently of Pynnonen.

Pynnonen also discovered that specially crafted zip files trigger a buffer overflow in Opera that appears to be readily exploitable to execute arbitrary code of an attacker's choice. He did not develop an exploit to prove this, but Opera Software has also patched its zip file handling in the latest release of the browser.

As exploits of the directory traversal vulnerability and several other, recently fixed, Opera vulnerabilities have been publicly posted, Opera users should obtain and install this latest update as soon as practicable. Also note that as of Opera 7.22, the version of Sun Java included in the Java version has been updated to 1.4.2_01, which also contains some Java security updates, so users of the Java version would be advised to obtain the full download this time to update both the browser and their Java implementation.

Opera directory traversal and buffer overflow vulns - jouko.iki.fi (http://s0.tx.co.nz/at/tep34i38501a4j17514c292424s4t9n881431f1z)

Opera 7 Arbitrary File Auto-Saved Vulnerability - 'Operash' web site (http://s0.tx.co.nz/at/tep34i38470a4j17514c292424s4t9n881431f1z)

Opera download page - opera.com (http://s0.tx.co.nz/at/tep34i38490a4j17514c292424s4t9n881431f1z)

28-11-2003, 08:34 PM
yeah i think the 7.23 update was posted somedays(week??) ago......;-)