5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
81.4%
This patch brings Opera to security update level 9.50
Following security problems were fixed: CVE-2008-2714: Opera before 9.26 allows remote attackers to misrepresent web page addresses using ‘certain characters’ that ‘cause the page address text to be misplaced.’
CVE-2008-2715: Unspecified vulnerability in Opera before 9.5 allows remote attackers to read cross-domain images via HTML CANVAS elements that use the images as patterns.
CVE-2008-2716: Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of trusted frames on the same parent page by modifying the location, which can facilitate phishing attacks.
It also contains lots of new features and other bugfixes, see the Changelog at: http://www.opera.com/docs/changelogs/linux/950/
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update opera-5354.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(33224);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2008-2714", "CVE-2008-2715", "CVE-2008-2716");
script_name(english:"openSUSE 10 Security Update : opera (opera-5354)");
script_summary(english:"Check for the opera-5354 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This patch brings Opera to security update level 9.50
Following security problems were fixed: CVE-2008-2714: Opera before
9.26 allows remote attackers to misrepresent web page addresses using
'certain characters' that 'cause the page address text to be
misplaced.'
CVE-2008-2715: Unspecified vulnerability in Opera before 9.5 allows
remote attackers to read cross-domain images via HTML CANVAS elements
that use the images as patterns.
CVE-2008-2716: Unspecified vulnerability in Opera before 9.5 allows
remote attackers to spoof the contents of trusted frames on the same
parent page by modifying the location, which can facilitate phishing
attacks.
It also contains lots of new features and other bugfixes, see the
Changelog at: http://www.opera.com/docs/changelogs/linux/950/"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.opera.com/docs/changelogs/linux/950/"
);
script_set_attribute(attribute:"solution", value:"Update the affected opera package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_cwe_id(200);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:opera");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");
script_set_attribute(attribute:"patch_publication_date", value:"2008/06/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2008/06/19");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.2 / 10.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE10.2", reference:"opera-9.50-0.1") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"opera-9.50-0.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Opera");
}