Family: SuSE Local Security Checks --> Category: infos
SUSE-SA:2005:057: opera Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the opera package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory SUSE-SA:2005:057 (opera).
This update upgrades the Opera web browser to the 8.50 release.
Besides the changes in 8.50 that are listed in
following security problems were fixed:
1. Attached files are opened without any warnings directly from the
user's cache directory. This can be exploited to execute arbitrary
2. Normally, filename extensions are acertaind by the 'Content-Type'
in Opera Mail. However, by appending an additional '.' to the end of
a filename, an HTML file could be spoofed to be e.g. 'image.jpg.'.
These two vulnerabilities combined may be exploited to conduct script
insertion attacks if the user chooses to view an attachment named
e.g. 'image.jpg.' e.g. resulting in disclosure of local files.
Solution : http://www.suse.de/security/advisories/2005_57_opera.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.