Ìû áóäåì áëàãîäàðíû, åñëè Âû óñòàíîâèòå íà ñâîåì ñàéòå ññûëêó íà íàø

<a href="http://news.mitosa.net" title="Ñàìûå ëó÷øèå íîâîñòè èç èçâåñòíûõ èñòî÷íèêîâ, îòîáðàííûå äëÿ Âàñ âðó÷íóþ"> Íàðîäíûå íîâîñòè</a>

Âûãëÿäåòü ýòî ìîæåò òàê
Íàðîäíûå íîâîñòè

2 óÿçâèìîñòè â Opera

15:47 23.06.2006
 áðàóçåðå Opera íàéäåíà 1 êðèòè÷åñêàÿ óÿçâèìîñòü, ïîçâîëÿþùàÿ óäàëåííîìó ïîëüçîâàòåëþ âûïîëíèòü ïðîèçâîëüíûé êîä íà öåëåâîé ñèñòåìå è 1 óÿçâèìîñòü ïîçâîëÿþùàÿ óäàëåííîìó ïîëüçîâàòåëþ âûçâàòü îòêàç â îáñëóæèâàíèè ïðèëîæåíèÿ.

1) Öåëî÷èñëåííîå ïåðåïîëíåíèå áóôåðà ñóùåñòâóåò èç-çà îøèáêè ïðè îáðàáîòêå JPEG èçîáðàæåíèé. Óäàëåííûé ïîëüçîâàòåëü ìîæåò ñ ïîìîùüþ ñïåöèàëüíî ñôîðìèðîâàííîãî JPEG èçîáðàæåíèÿ âûïîëíèòü ïðîèçâîëüíûé êîä íà öåëåâîé ñèñòåìå.

URL ïðîèçâîäèòåëÿ: www.opera.com

Ðåøåíèå: Óñòàíîâèòå ïîñëåäíþþ âåðñèþ (9.0) ñ ñàéòà ïðîèçâîäèòåëÿ.


http://www.vigilantminds.com/advi_detail.php?id=45

Description of Issue
An integer overflow vulnerability exists in the Opera Web Browser due to the improper handling of JPEG files.

If excessively large height and width values are specified in certain fields of a JPEG file, an integer overflow may cause Opera to allocate insufficient memory for the image. This will lead to a buffer overflow when the image is loaded into memory, which can be exploited to execute arbitrary code.

Affected Systems

* Opera 8.54 and Earlier

Potential Impact
Remote Code Execution

Remediation Action
It is recommended that users upgrade to Opera 9.00, which addresses this vulnerability. Additionally, users should exercise caution while accessing the web, and should do so from accounts with limited privileges.

2) Óÿçâèìîñòü ñóùåñòâóåò ïðè îáðàáîòêå äàííûõ â ïàðàìåòðå href òåãà <a>. Óäàëåííûé ïîëüçîâàòåëü ìîæåò ñ ïîìîùüþ ñïåöèàëüíî ñôîðìèðîâàííîé ññûëêè àâàðèéíî çàâåðøèòü ðàáîòó áðàóçåðà. Ïðèìåð:

<a href="http://aaaaaaaa...aaa

Ññûëêà íà òåñòîâóþ ñòðàíèöó ñ ïðèìåðîì ýêñïëîèòà - http://www.critical.lt/research/opera_die_happy.html

Ðåøåíèå: Ñïîñîáîâ óñòðàíåíèÿ óÿçâèìîñòè íå ñóùåñòâóåò â íàñòîÿùåå âðåìÿ.

http://www.critical.lt/?vuln/349

We are: N9, bigb0u, cybergoth, iglOo, mircia, Povilas
Shouts to Lithuanian girlz! and our friends ;]

Product: Opera 9 (8.x is immune to this)
Vulnerability type: Out-of-bounds memory access via specially crafted HTML file
Risk: moderated
Attack type: Remote

Details:

Vulnerability can be exploited by using a large value in a href tag to create an out-of-bounds memory access.

Solution:

Currently none.



èñòî÷íèê: ixbt.com

Îáñóäèòü íîâîñòü íà ôîðóìå

Ïîõîæèå òåìû

Ïðè ðåïóáëèêàöèè ññûëêà íà ïåðâîèñòî÷íèê îáÿçàòåëüíà.
Copyright © 2005 MitoSa.NET