From $URL :

Description
Kaveh Ghaemmaghami has discovered a vulnerability in Opera, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to an error when decoding image data and can be exploited to cause a heap-based buffer underflow via a specially crafted GIF image.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 12.11 Build 1661. Other versions may also be affected.

Solution
No official solution is currently available.
- Security -

* Fixed an issue where malformed GIF images could allow execution of arbitrary code; see our advisory[1]
* Fixed an issue where repeated attempts to access a target site could trigger address field spoofing, as reported by Masato Kinugawa; see our advisory[2]
* UNIX-only Fixed an issue where private data could be disclosed to other computer users, or be modified by them, as reported by Jann Horn; see our advisory[3]

[1] http://www.opera.com/support/kb/view/1038/
[2] http://www.opera.com/support/kb/view/1040/
[3] http://www.opera.com/support/kb/view/1039/

- - - - - - - - - - -

Arch teams, please test and mark stable:
=www-client/opera-12.12_p1707
Stable KEYWORDS : amd64 x86
x86 done.
amd64 stable
Added to existing GLSA request.
CVE-2012-6472 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6472):
Opera before 12.12 on UNIX uses weak permissions for the profile directory, which allows local users to obtain sensitive information by reading a (1) cache file, (2) password file, or (3) configuration file, or (4) possibly gain privileges by modifying or overwriting a configuration file.

CVE-2012-6471 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6471):
Opera before 12.12 allows remote attackers to spoof the address field via a high rate of HTTP requests.

CVE-2012-6470 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6470):
Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image.
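
Added example, not part of the bug thread and not Opera or Gentoo code: a permission audit for the condition CVE-2012-6472 describes, separating entries other local users can only read (cases 1-3) from entries they can overwrite (case 4), with a function to strip those bits. The profile path is passed in by the caller because the page does not name it; the file names and modes in make_sample_profile() are constructed for the demo.

```python
import os
import stat
import tempfile

GROUP_OTHER_WRITE = stat.S_IWGRP | stat.S_IWOTH
GROUP_OTHER_ANY = stat.S_IRWXG | stat.S_IRWXO


def audit_profile(root):
    """Return sorted (relative path, mode, risk) for entries exposed to other local users."""
    entries = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        entries += [os.path.join(dirpath, name) for name in dirnames + filenames]
    findings = []
    for path in entries:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits are not enforced on Linux
        mode = stat.S_IMODE(st.st_mode)
        if mode & GROUP_OTHER_WRITE:
            risk = "modify"    # case (4): others can modify or overwrite
        elif mode & GROUP_OTHER_ANY:
            risk = "disclose"  # cases (1)-(3): others can read or traverse
        else:
            continue
        findings.append((os.path.relpath(path, root), mode, risk))
    return sorted(findings)


def tighten_profile(root):
    """Strip all group/other bits from flagged entries; return how many were changed."""
    flagged = audit_profile(root)
    for rel, mode, _risk in flagged:
        os.chmod(os.path.join(root, rel), mode & ~GROUP_OTHER_ANY)
    return len(flagged)


def make_sample_profile():
    """Build a constructed profile tree (names and modes are made up for the demo)."""
    root = tempfile.mkdtemp(prefix="profile-demo-")
    os.mkdir(os.path.join(root, "cache"))
    for rel, mode in (("cache/entry0", 0o644), ("passwords.dat", 0o600),
                      ("settings.ini", 0o666), ("cache", 0o755)):
        path = os.path.join(root, rel)
        if not os.path.isdir(path):
            open(path, "w").close()
        os.chmod(path, mode)
    return root
```

A mode of 0700 on the profile directory itself already blocks other users from reaching the files beneath it, but the audit reports inner entries too so that a later loosening of the top-level mode does not silently expose them.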
This issue was resolved and addressed in GLSA 201406-14 at http://security.gentoo.org/glsa/glsa-201406-14.xml by GLSA coordinator Chris Reffett (creffett).