CVE-2005-3006
CVSS5.0
发布时间 :2005-09-21 16:03:00
修订时间 :2016-11-21 21:59:04
NMCOS    

[原文]The mail client in Opera before 8.50 opens attached files from the user's cache directory without warning the user, which might allow remote attackers to inject arbitrary web script and spoof attachment filenames.


[CNNVD]Opera Mail客户端附件欺骗和脚本注入漏洞(CNNVD-200509-202)

        Opera Mail是集成于Opera浏览器的邮件程序。
        Opera Mail客户端存在两个漏洞:
        1. 没有用户缓存目录的警告便直接打开了附件文件,这就可能在"file://"环境中执行任意JavaScript。
        2. 通常,文件名扩展是由Opera Mail的"Content-Type"判断的。但是,攻击者可以通过在文件名末尾附加额外的"."欺骗HTML文件,如"image.jpg."。 如果用户浏览了附件的话,攻击者就可以组合使用这两个漏洞执行脚本注入攻击。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:opera:opera_browser:2.00Opera Browser 2.00
cpe:/a:opera:opera_browser:6.06Opera Browser 6.06
cpe:/a:opera:opera_browser:6.05Opera Browser 6.05
cpe:/a:opera:opera_browser:7.20:beta7Opera Browser 7.20 beta 7
cpe:/a:opera:opera_browser:6.04Opera Browser 6.04
cpe:/a:opera:opera_browser:5.0:beta8Opera Browser 5.0 beta 8
cpe:/a:opera:opera_browser:7.03Opera Browser 7.03
cpe:/a:opera:opera_browser:3.62:betaOpera Browser 3.62b
cpe:/a:opera:opera_browser:7.02Opera Browser 7.02
cpe:/a:opera:opera_browser:7.01Opera Browser 7.01
cpe:/a:opera:opera_browser:7.50:beta1Opera Browser 7.50 beta 1
cpe:/a:opera:opera_browser:3.00Opera Browser 3.00
cpe:/a:opera:opera_browser:6.0:beta2Opera Browser 6.0 beta 2
cpe:/a:opera:opera_browser:2.12Opera Browser 2.12
cpe:/a:opera:opera_browser:8.0:beta2Opera Browser 8.0 beta 2
cpe:/a:opera:opera_browser:8.0:beta3Opera Browser 8.0 beta 3
cpe:/a:opera:opera_browser:6.0:beta1Opera Browser 6.0 beta 1
cpe:/a:opera:opera_browser:1.00Opera Browser 1.00
cpe:/a:opera:opera_browser:4.00:beta4Opera Browser 4.00b4
cpe:/a:opera:opera_browser:5.0Opera Browser 5.0
cpe:/a:opera:opera_browser:4.00:beta5Opera Browser 4.00b5
cpe:/a:opera:opera_browser:4.00:beta2Opera Browser 4.00b2
cpe:/a:opera:opera_browser:7.0:beta1_v2Opera Browser 7.0 beta 1 v2
cpe:/a:opera:opera_browser:4.00:beta3Opera Browser 4.00b3
cpe:/a:opera:opera_browser:6.1:beta1Opera Browser 6.1 beta 1
cpe:/a:opera:opera_browser:8.0:beta1Opera Browser 8.0 beta 1
cpe:/a:opera:opera_browser:4.00:beta6Opera Browser 4.00b6
cpe:/a:opera:opera_browser:7.0Opera Browser 7.0
cpe:/a:opera:opera_browser:7.11Opera Browser 7.11
cpe:/a:opera:opera_browser:7.10Opera Browser 7.10
cpe:/a:opera:opera_browser:7.54Opera Browser 7.54
cpe:/a:opera:opera_browser:7.53Opera Browser 7.53
cpe:/a:opera:opera_browser:7.52Opera Browser 7.52
cpe:/a:opera:opera_browser:6.03Opera Browser 6.03
cpe:/a:opera:opera_browser:2.10:beta2Opera Browser 2.10b2
cpe:/a:opera:opera_browser:6.02Opera Browser 6.02
cpe:/a:opera:opera_browser:6.01Opera Browser 6.01
cpe:/a:opera:opera_browser:2.10:beta1Opera Browser 2.10b1
cpe:/a:opera:opera_browser:3.50Opera Browser 3.50
cpe:/a:opera:opera_browser:3.51Opera Browser 3.51
cpe:/a:opera:opera_browser:2.10:beta3Opera Browser 2.10b3
cpe:/a:opera:opera_browser:7.51Opera Browser 7.51
cpe:/a:opera:opera_browser:6.0:tp1Opera Browser 6.0 TP 1
cpe:/a:opera:opera_browser:7.50Opera Browser 7.50
cpe:/a:opera:opera_browser:6.0:tp3Opera Browser 6.0 TP 3
cpe:/a:opera:opera_browser:3.10Opera Browser 3.10
cpe:/a:opera:opera_browser:6.0:tp2Opera Browser 6.0 TP 2
cpe:/a:opera:opera_browser:4.02Opera Browser 4.02
cpe:/a:opera:opera_browser:7.54:update2Opera Browser 7.54 update 2
cpe:/a:opera:opera_browser:7.54:update1Opera Browser 7.54 update 1
cpe:/a:opera:opera_browser:7.22Opera Browser 7.22
cpe:/a:opera:opera_browser:7.21Opera Browser 7.21
cpe:/a:opera:opera_browser:3.00:betaOpera Browser 3.00b
cpe:/a:opera:opera_browser:7.20Opera Browser 7.20
cpe:/a:opera:opera_browser:5.02Opera Browser 5.02
cpe:/a:opera:opera_browser:6.12Opera Browser 6.12
cpe:/a:opera:opera_browser:7.23Opera Browser 7.23
cpe:/a:opera:opera_browser:6.11Opera Browser 6.11
cpe:/a:opera:opera_browser:3.60Opera Browser 3.60
cpe:/a:opera:opera_browser:3.61Opera Browser 3.61
cpe:/a:opera:opera_browser:3.62Opera Browser 3.62
cpe:/a:opera:opera_browser:7.60Opera Browser 7.60
cpe:/a:opera:opera_browser:3.21Opera Browser 3.21
cpe:/a:opera:opera_browser:2.10Opera Browser 2.10
cpe:/a:opera:opera_browser:7.10:beta1Opera Browser 7.10 beta 1
cpe:/a:opera:opera_browser:7.0:beta2Opera Browser 7.0 beta 2
cpe:/a:opera:opera_browser:5.0:beta6Opera Browser 5.0 beta 6
cpe:/a:opera:opera_browser:7.11:beta2Opera Browser 7.11 beta 2
cpe:/a:opera:opera_browser:5.0:beta3Opera Browser 5.0 beta 3
cpe:/a:opera:opera_browser:8.0Opera Browser 8.0
cpe:/a:opera:opera_browser:7.0:beta1Opera Browser 7.0 beta 1
cpe:/a:opera:opera_browser:5.0:beta7Opera Browser 5.0 beta 7
cpe:/a:opera:opera_browser:5.0:beta4Opera Browser 5.0 beta 4
cpe:/a:opera:opera_browser:6.0Opera Browser 6.0
cpe:/a:opera:opera_browser:5.0:beta5Opera Browser 5.0 beta 5
cpe:/a:opera:opera_browser:6.1Opera Browser 6.1
cpe:/a:opera:opera_browser:5.0:beta2Opera Browser 5.0 beta 2
cpe:/a:opera:opera_browser:5.12Opera Browser 5.12
cpe:/a:opera:opera_browser:4.00Opera Browser 4.00
cpe:/a:opera:opera_browser:4.01Opera Browser 4.01
cpe:/a:opera:opera_browser:5.10Opera Browser 5.10
cpe:/a:opera:opera_browser:5.11Opera Browser 5.11
cpe:/a:opera:opera_browser:8.02Opera Browser 8.02
cpe:/a:opera:opera_browser:8.01Opera Browser 8.01

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3006
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3006
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200509-202
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=112724692219695&w=2
(UNKNOWN)  BUGTRAQ  20050920 Secunia Research: Opera Mail Client Attachment Spoofing and Script Insertion
http://www.opera.com/docs/changelogs/linux/850/
(UNKNOWN)  CONFIRM  http://www.opera.com/docs/changelogs/linux/850/
http://www.opera.com/docs/changelogs/windows/850/
(UNKNOWN)  CONFIRM  http://www.opera.com/docs/changelogs/windows/850/
http://www.securityfocus.com/advisories/9339
(UNKNOWN)  SUSE  SuSE-SA:2005:057
http://www.securityfocus.com/bid/14880
(UNKNOWN)  BID  14880
http://www.vupen.com/english/advisories/2005/1789
(UNKNOWN)  VUPEN  ADV-2005-1789
http://xforce.iss.net/xforce/xfdb/22335
(UNKNOWN)  XF  opera-mail-file-xss(22335)

- 漏洞信息

Opera Mail客户端附件欺骗和脚本注入漏洞
中危 资料不足
2005-09-21 00:00:00 2006-01-19 00:00:00
远程  
        Opera Mail是集成于Opera浏览器的邮件程序。
        Opera Mail客户端存在两个漏洞:
        1. 没有用户缓存目录的警告便直接打开了附件文件,这就可能在"file://"环境中执行任意JavaScript。
        2. 通常,文件名扩展是由Opera Mail的"Content-Type"判断的。但是,攻击者可以通过在文件名末尾附加额外的"."欺骗HTML文件,如"image.jpg."。 如果用户浏览了附件的话,攻击者就可以组合使用这两个漏洞执行脚本注入攻击。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://www.opera.com/download/

- 漏洞信息

19508
Opera Mail Client User Cache Directory file:// Arbitrary Script Execution
Local Access Required, Remote / Network Access Input Manipulation
Loss of Confidentiality
Exploit Unknown

- 漏洞描述

Opera contains a flaw that may allow attached files to be opened from the user's cache directory without warning. The issue is triggered when arbitrary JavaScript is executed in context of "file://". It is possible that the flaw may allow a script insertion attack, if the user chooses to view an attachment resulting in a loss of confidentiality.

- 时间线

2005-09-20 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 8.50 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Opera Web Browser Mail Client Multiple Vulnerabilities
Unknown 14880
Yes No
2005-09-20 12:00:00 2009-07-12 05:06:00
Discovery is credited to Jakob Balle, Secunia Research.

- 受影响的程序版本

S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. beagle 10.0
Opera Software Opera Web Browser 8.0 2
Opera Software Opera Web Browser 8.50

- 不受影响的程序版本

Opera Software Opera Web Browser 8.50

- 漏洞讨论

Opera Web Browser Mail client is affected by multiple vulnerabilities. These issues could allow remote attackers to spoof attachment names and carry out script injection attacks.

These vulnerabilities may also be combined to carry out various attacks.

Opera Web Browser 8.02 is reportedly vulnerable, however, it is likely that other versions are affected as well.

- 漏洞利用

An exploit is not required.

- 解决方案

Opera 8.50 is available to address these and other issues.

SUSE has released security announcement SUSE-SA:2005:057 addressing this issue. Please see the referenced advisory for further information.


Opera Software Opera Web Browser 8.0 2

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站