Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 444040

Summary: <www-client/opera-12.11.1661 : Buffer Overflow and Local File Detection (CVE-2012-{6468,6469})
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: jer
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2012-11-20 13:31:08 UTC 
From https://secunia.com/advisories/51331/ :

Description
A weakness and a vulnerability have been reported in Opera, which can be exploited by malicious 
people to disclose certain sensitive information and compromise a user's system.

1) The vulnerability is caused due to an error when handling HTTP responses and can be exploited to 
cause a heap-based buffer overflow.

Successful exploitation of this vulnerability may allow execution of arbitrary code.

2) The weakness is caused due to an error when handling error pages and can be exploited to 
determine the presence of local files.

The weakness and the vulnerability are reported in versions prior to 12.11.


Solution
Update to version 12.11.
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2012-11-20 14:07:46 UTC 
Security
 - Fixed an issue where HTTP response heap buffer overflow could allow execution
   of arbitrary code; see our advisory[1]
 - Fixed an issue where error pages could be used to guess local file paths; see
   our advisory[2]


[1] http://www.opera.com/support/kb/view/1036/ , the same as
    https://secunia.com/advisories/51331/
[2] http://www.opera.com/support/kb/view/1037/



Arch teams, please test and mark stable:
=www-client/opera-12.11.1661
Stable KEYWORDS : amd64 x86
Comment 2 Agostino Sarubbo gentoo-dev 2012-11-20 16:23:01 UTC 
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2012-11-21 10:17:40 UTC 
x86 stable
Comment 4 Sean Amoss (RETIRED) gentoo-dev Security 2012-11-26 11:53:57 UTC 
Added to existing GLSA request.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2013-01-02 19:09:16 UTC 
CVE-2012-6469 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6469):
  Opera before 12.11 allows remote attackers to determine the existence of
  arbitrary local files via vectors involving web script in an error page.

CVE-2012-6468 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6468):
  Heap-based buffer overflow in Opera before 12.11 allows remote attackers to
  execute arbitrary code or cause a denial of service (memory corruption) via
  a long HTTP response.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2014-06-15 00:48:05 UTC 
This issue was resolved and addressed in
 GLSA 201406-14 at http://security.gentoo.org/glsa/glsa-201406-14.xml
by GLSA coordinator Chris Reffett (creffett).
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2014-06-19 11:49:49 UTC 
This issue was resolved and addressed in
 GLSA 201406-14 at http://security.gentoo.org/glsa/glsa-201406-14.xml
by GLSA coordinator Chris Reffett (creffett).