    [guru] Fwd: [remove-vuln@secunia.com: Secunia Research: Opera SSL Certificate "Stealing" Weakness]


    DATE: Fri, 14 Jul 2006 21:30:07 +0200
    The Opera browser does not reset the SSL security bar after presenting the
    download dialog from an SSL-enabled site. This makes it possible for an
    untrusted site to "steal" the SSL security of a trusted site.
    
    
    The bug was fixed in version 9.
    
    
    
    ----- Forwarded message from Secunia Research <remove-vuln@secunia.com> -----
    
    Date: Wed, 28 Jun 2006 10:08:30 +0200
    From: Secunia Research <remove-vuln@secunia.com>
    To: vuln@secunia.com
    Subject: Secunia Research: Opera SSL Certificate "Stealing" Weakness
    Cc: bugtraq@securityfocus.com
    X-Mailer: Evolution 2.0.2 (2.0.2-27) 
    
    ======================================================================
    
                         Secunia Research 28/06/2006
    
                - Opera SSL Certificate "Stealing" Weakness -
    
    ======================================================================
    Table of Contents
    
    Affected Software....................................................1
    Severity.............................................................2
    Description of Vulnerabilities.......................................3
    Solution.............................................................4
    Time Table...........................................................5
    Credits..............................................................6
    References...........................................................7
    About Secunia........................................................8
    Verification.........................................................9
    
    ======================================================================
    1) Affected Software
    
    Opera 8.54
    
    Prior versions may also be affected.
    
    ======================================================================
    2) Severity
    
    Rating: Not critical
    Impact: Spoofing
    Where:  From remote
    
    ======================================================================
    3) Description of Vulnerabilities
    
    Secunia Research has discovered a weakness in Opera, which can be
    exploited to display the SSL certificate from a trusted site on an
    untrusted site.
    
    The weakness is caused by Opera not resetting the SSL security bar
    after displaying a download dialog from an SSL-enabled web site.
    This allows an untrusted web site to display the yellow SSL security
    bar from a trusted web site.
    
    NOTE: A more convincing exploit can be done using pop-up windows,
    which do not have a visible address bar.
    
    ======================================================================
    4) Solution
    
    Upgrade to version 9.0.
    
    ======================================================================
    5) Time Table
    
    31/03/2006 - Initial vendor notification.
    28/06/2006 - Public disclosure.
    
    ======================================================================
    6) Credits
    
    Discovered by Jakob Balle, Secunia Research.
    
    ======================================================================
    7) References
    
    No references available.
    
    ======================================================================
    8) About Secunia
    
    Secunia collects, validates, assesses, and writes advisories regarding
    all the latest software vulnerabilities disclosed to the public. These
    advisories are gathered in a publicly available database at the
    Secunia website:
    
    http://secunia.com/
    
    Secunia offers services to our customers enabling them to receive all
    relevant vulnerability information to their specific system
    configuration.
    
    Secunia offers a FREE mailing list called Secunia Security Advisories:
    
    http://secunia.com/secunia_security_advisories/
    
    ======================================================================
    9) Verification
    
    Please verify this advisory by visiting the Secunia website:
    http://secunia.com/secunia_research/2006-49/advisory/
    
    Complete list of vulnerability reports published by Secunia Research:
    http://secunia.com/secunia_research/
    
    ======================================================================
    
    
    
    
    
    
    ----- End forwarded message -----
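The mechanism the advisory describes, as an added model in JavaScript (runnable under Node). This is not Opera's code and not Secunia's; it is a constructed state machine for a browser tab's security bar. The hostnames, certificate names, the response objects, the `Tab` class and its `resetAfterDownloadDialog` flag are all assumptions made for illustration. The one modelling assumption taken from the advisory is that the bar is updated as soon as an SSL response arrives, and the bug is that it is not restored when that response turns out to be a download whose dialog leaves the untrusted document on screen.

```javascript
"use strict";

// Added illustration, not Opera's code: a minimal model of how a browser
// tab decides what the SSL security bar shows. It reproduces the class of
// bug in the advisory above (bar left at the state of an SSL download
// response whose dialog did not replace the displayed page) beside the
// fix (restore the bar to the state of the document that stays rendered).
// All URLs, certificate names and responses below are constructed.

const ATTACKER_PAGE = { url: "http://attacker.example/", secure: false, cert: null };

// Constructed responses an untrusted page could trigger by navigating
// (for instance from a pop-up) to a URL on the trusted SSL site.
const TRUSTED_DOWNLOAD = {
  url: "https://trusted.example/report.pdf",
  secure: true,
  cert: "CN=trusted.example",
  contentDisposition: "attachment", // browser shows a download dialog
};
const TRUSTED_PAGE = {
  url: "https://trusted.example/",
  secure: true,
  cert: "CN=trusted.example",
  contentDisposition: "inline", // replaces the displayed document
};

class Tab {
  // resetAfterDownloadDialog = false models the buggy behaviour,
  // true models the fix.
  constructor(resetAfterDownloadDialog) {
    this.resetAfterDownloadDialog = resetAfterDownloadDialog;
    this.document = ATTACKER_PAGE; // what is rendered in the window
    this.securityBar = { secure: false, cert: null };
    this.events = [];
  }

  // Simulate receiving the response for a navigation started from the
  // current document. Modelling assumption: the bar is updated as soon as
  // an SSL response is seen, before it is known whether that response
  // will replace the document.
  onResponse(response) {
    this.securityBar = { secure: response.secure, cert: response.cert };
    this.events.push(`bar <- ${response.url}`);
    if (response.contentDisposition === "attachment") {
      this.events.push("download dialog shown; document unchanged");
      if (this.resetAfterDownloadDialog) {
        // Fix: the bar must describe the document that is still rendered.
        this.securityBar = { secure: this.document.secure, cert: this.document.cert };
        this.events.push(`bar reset <- ${this.document.url}`);
      }
      return;
    }
    this.document = response;
    this.events.push(`document <- ${response.url}`);
  }

  // True when the bar claims a state the rendered document does not have.
  isSpoofed() {
    return this.securityBar.secure !== this.document.secure ||
      this.securityBar.cert !== this.document.cert;
  }

  // What the user can see. In a pop-up without an address bar the only
  // remaining cue is the security bar itself (the advisory's pop-up note).
  visibleCues(inPopupWithoutAddressBar) {
    return {
      addressBar: inPopupWithoutAddressBar ? null : this.document.url,
      secureBar: this.securityBar.secure,
      certificate: this.securityBar.cert,
    };
  }
}

// Run the advisory's scenario: untrusted page triggers an SSL download.
function runScenario(resetAfterDownloadDialog) {
  const tab = new Tab(resetAfterDownloadDialog);
  tab.onResponse(TRUSTED_DOWNLOAD);
  return tab;
}

console.log("buggy :", runScenario(false).visibleCues(true), runScenario(false).events);
console.log("fixed :", runScenario(true).visibleCues(true), runScenario(true).events);
```

In the buggy run the rendered document is still `http://attacker.example/` while the bar shows secure with the trusted certificate; in a pop-up with no address bar that bar is the only cue the user gets. The fixed run restores the bar to the document that actually stays on screen, and a normal inline SSL page still replaces both the document and the bar, so the fix is not "never update on SSL responses" but "update only for the committed document".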
    
    
    
