CERT-MU AD-2009-14

Multiple Vulnerabilities in Opera

Original issue date: 07 September, 2009

Overview

Multiple vulnerabilities have been reported in Opera, which could be exploited to bypass security restrictions and conduct spoofing attacks.

Description

  • Intermediate Certificate Spoofing Vulnerability

    This vulnerability exists because Opera fails to check the revocation status for intermediate certificates not served by the server. This may cause sites using revoked intermediate certificates to be shown as secure.

  • URL Spoofing Vulnerability

    This vulnerability is caused by the domain name not being updated properly within the collapsed address bar, which could cause the previous domain to be shown instead of the domain of the present site. This could be exploited by remote attackers to spoof URLs.

  • Limited Address Spoofing Vulnerability

    This vulnerability arises because certain Unicode characters are treated incorrectly, which might cause International Domain Names (IDN) that use them to be shown in the wrong format. Attackers could exploit this vulnerability to perform limited address spoofing.

  • Security Bypass Vulnerability

    This vulnerability exists because the browser fails to properly validate the domain name in a signed CA certificate. A remote attacker could exploit this vulnerability by using a certificate that uses a wildcard immediately before the top-level domain, or nulls in the domain name, which is then incorrectly interpreted as secure.
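
The name checks that the Security Bypass item says were missing can be written as a strict certificate-name matcher. This is an added example, not Opera's or CERT-MU's code; the function names and the sample host names are constructed for illustration.

```python
# Added example: strict matching of a host name against a certificate DNS name.
# Function names and all sample names are constructed, not taken from Opera.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring one trailing dot."""
    return name.rstrip(".").lower().split(".")

def cert_name_is_acceptable(pattern):
    """Reject certificate names of the two kinds the advisory describes."""
    # An embedded NUL can end a C-string comparison early, so a name such as
    # "bank.example\x00.other.test" would be read as "bank.example".
    if not pattern or "\x00" in pattern:
        return False
    labels = _labels(pattern)
    if any(label == "" for label in labels):
        return False
    if "*" in pattern:
        # The wildcard must be the whole leftmost label and appear only once.
        if labels[0] != "*" or any("*" in label for label in labels[1:]):
            return False
        # Never directly before the top-level domain ("*.com").
        # Assumption: a label count stands in for a public suffix list,
        # so multi-label suffixes such as "co.uk" are not recognised here.
        if len(labels) < 3:
            return False
    return True

def host_matches(hostname, pattern):
    """Return True only if hostname is covered by an acceptable pattern."""
    if "\x00" in hostname or not cert_name_is_acceptable(pattern):
        return False
    host, pat = _labels(hostname), _labels(pattern)
    if len(host) != len(pat):
        return False  # a wildcard stands for exactly one label
    if pat[0] == "*":
        return host[0] != "" and host[1:] == pat[1:]
    return host == pat
```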

Software Affected

  • Opera versions 9.x

Impact

Severity Rating: Medium

Solution

Upgrade to Opera 10 or later
http://www.opera.com/download/

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Vendor Information

Opera
http://www.opera.com/download/

CVE Name

CVE-2009-3044
CVE-2009-3046
CVE-2009-3047
CVE-2009-3049

References

Opera

http://www.opera.com/support/kb/view/929/
http://www.opera.com/support/kb/view/930/
http://www.opera.com/support/kb/view/932/
http://www.opera.com/support/kb/view/934/
http://www.opera.com/docs/changelogs/windows/1000/

ISS XFORCE

http://xforce.iss.net/xforce/xfdb/52965

VUPEN Security

http://www.vupen.com/english/advisories/2009/2500

SecurityFocus

http://www.securityfocus.com/bid/36202/

Secunia

http://secunia.com/advisories/36414/

SecurityTracker

http://www.securitytracker.com/alerts/2009/Sep/1022799.html

Juniper Networks

http://www.juniper.net/security/auto/vulnerabilities/vuln36202.html

Last Updated 09-Jul-2009