Opera Web Browser Stylesheet Attribute Buffer Overflow Vulnerability
BID:17513
Info
Opera Web Browser Stylesheet Attribute Buffer Overflow Vulnerability
| Bugtraq ID: | 17513 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-1834 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2006 12:00AM |
| Updated: | Mar 19 2015 08:34AM |
| Credit: | SEC Consult Unternehmensberatung GmbH is credited with the discovery of this vulnerability. |
| Vulnerable: |
SuSE SUSE Linux Enterprise Server 9 SuSE SUSE Linux Enterprise Server 8 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Professional 9.0 x86_64 S.u.S.E. Linux Professional 9.0 S.u.S.E. Linux Professional 8.2 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 S.u.S.E. Linux Desktop 1.0 Opera Software Opera Web Browser 8.52 Gentoo Linux |
| Not Vulnerable: |
Opera Software Opera Web Browser 8.54 |
Discussion
Opera Web Browser Stylesheet Attribute Buffer Overflow Vulnerability
Opera is prone to a buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before using it in a string-copy operation.
This issue allows remote attackers to crash affected web browsers. Due to the nature of this issue, attackers may be able to exploit this issue to execute machine code, but this has not been confirmed.
Opera version 8.52 is vulnerable to this issue; other versions may also be affected.
Opera is prone to a buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before using it in a string-copy operation.
This issue allows remote attackers to crash affected web browsers. Due to the nature of this issue, attackers may be able to exploit this issue to execute machine code, but this has not been confirmed.
Opera version 8.52 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
Opera Web Browser Stylesheet Attribute Buffer Overflow Vulnerability
The following HTML content is reportedly sufficient to crash the browser:
<STYLE type=text/css>A { FONT-FAMILY: 35000x'A' } </STYLE>
The following HTML content is reportedly sufficient to crash the browser:
<STYLE type=text/css>A { FONT-FAMILY: 35000x'A' } </STYLE>
Solution / Fix
Opera Web Browser Stylesheet Attribute Buffer Overflow Vulnerability
Solution:
Opera has released version 8.54 to address this issue.
Please see the references for vendor advisories and fixes.
Opera Software Opera Web Browser 8.52
Solution:
Opera has released version 8.54 to address this issue.
Please see the references for vendor advisories and fixes.
Opera Software Opera Web Browser 8.52
-
Opera Software Opera for Windows 8.54
http://www.opera.com/download/
References
Opera Web Browser Stylesheet Attribute Buffer Overflow Vulnerability
References:
References:
- Opera 7.54 for Windows Changelog (Opera Software)
- SEC Consult SA-20060314 :: Opera Browser CSS Attribute Integer Wrap / Buffer Ove (Bernhard Mueller