2 vulnerabilities in Opera
One critical vulnerability has been found in the Opera browser that allows a remote user to execute arbitrary code on the target system, along with one vulnerability that allows a remote user to cause a denial of service in the application.
1) An integer overflow exists because of an error in the processing of JPEG images. A remote user can execute arbitrary code on the target system by means of a specially crafted JPEG image.

Vendor URL: www.opera.com

Solution: Install the latest version (9.0) from the vendor's site.

http://www.vigilantminds.com/advi_detail.php?id=45

Description of Issue
An integer overflow vulnerability exists in the Opera Web Browser due to the improper handling of JPEG files. If excessively large height and width values are specified in certain fields of a JPEG file, an integer overflow may cause Opera to allocate insufficient memory for the image. This will lead to a buffer overflow when the image is loaded into memory, which can be exploited to execute arbitrary code.

Affected Systems
* Opera 8.54 and Earlier

Potential Impact
Remote Code Execution

Remediation Action
It is recommended that users upgrade to Opera 9.00, which addresses this vulnerability. Additionally, users should exercise caution while accessing the web, and should do so from accounts with limited privileges.

2) A vulnerability exists in the processing of data in the href parameter of the <a> tag. A remote user can crash the browser by means of a specially crafted link.

Example: <a href="http://aaaaaaaa...aaa

Link to a test page with an example of the exploit - http://www.critical.lt/research/opera_die_happy.html

Solution: No fix for the vulnerability exists at this time.

http://www.critical.lt/?vuln/349

We are: N9, bigb0u, cybergoth, iglOo, mircia, Povilas
Shouts to Lithuanian girlz! and our friends ;]

Product: Opera 9 (8.x is immune to this)
Vulnerability type: Out-of-bounds memory access via specially crafted HTML file
Risk: moderated
Attack type: Remote
Details: Vulnerability can be exploited by using a large value in a href tag to create an out-of-bounds memory access.
Solution: Currently none.
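Added example (not taken from the advisories or from Opera's code): a C illustration of the size check whose absence the JPEG advisory in item 1 describes, next to the wrapping calculation. It assumes the dimensions are read from the baseline SOF0 frame header and that the decoder sizes its buffer as width x height x components; the function names, the size cap and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Dimensions from a baseline JPEG frame header (SOF0). Names are illustrative. */
struct dims { uint32_t height, width, comps; };

/* Walk the marker segments after SOI and read the SOF0 fields.
 * Returns 0 on success, -1 on a malformed or truncated header. */
int read_sof0(const uint8_t *b, size_t n, struct dims *d)
{
    if (n < 4 || b[0] != 0xFF || b[1] != 0xD8) return -1;
    for (size_t i = 2; i + 4 <= n; ) {
        if (b[i] != 0xFF || b[i + 1] == 0xDA) return -1;  /* junk, or SOS before SOF0 */
        size_t seg = ((size_t)b[i + 2] << 8) | b[i + 3];  /* length incl. its own 2 bytes */
        if (seg < 2 || seg > n - i - 2) return -1;        /* segment runs past the input */
        if (b[i + 1] == 0xC0) {
            if (seg < 8) return -1;                       /* too short to hold the fields */
            d->height = ((uint32_t)b[i + 5] << 8) | b[i + 6];
            d->width  = ((uint32_t)b[i + 7] << 8) | b[i + 8];
            d->comps  = b[i + 9];
            return 0;
        }
        i += 2 + seg;
    }
    return -1;
}

/* The flawed pattern: the product is computed in 32 bits and silently wraps. */
uint32_t size_unchecked(const struct dims *d)
{
    return d->width * d->height * d->comps;
}

/* Hardened: reject zero or implausible fields, multiply in 64 bits, and refuse
 * anything above the caller's cap. Returns 0 and sets *out on success. */
int size_checked(const struct dims *d, uint64_t cap, size_t *out)
{
    if (d->width == 0 || d->height == 0 || d->comps == 0 || d->comps > 4) return -1;
    uint64_t total = (uint64_t)d->width * d->height * d->comps;  /* cannot wrap in 64 bits */
    if (total > cap || total > SIZE_MAX) return -1;
    *out = (size_t)total;
    return 0;
}

/* Constructed sample header: SOI + SOF0, height=0x8000, width=0x8001, 4 components. */
const uint8_t SAMPLE[] = { 0xFF,0xD8, 0xFF,0xC0, 0x00,0x14, 0x08, 0x80,0x00, 0x80,0x01, 0x04,
    1,0x11,0, 2,0x11,1, 3,0x11,1, 4,0x11,1 };
```

For the sample header the true buffer size is 4,295,098,368 bytes; the 32-bit calculation yields 131,072, while the checked version rejects the image.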
Source: ixbt.com