SQR Consulting Home Page

For all your Quality Management and Continual Improvement Initiatives and Standards
 
 SQR Consulting Home PageSQR Home Page  ForumsForums  FAQFAQ   Search ForumSearch Forum   Forum MemberlistForum Memberlist   Forum UsergroupsForum Usergroups  Who is logged onWho is logged on   Register for ForumRegister for Forum 
 Forum ProfileForum Profile   Log in to check your private messagesLog in to check your private messages  Chat RoomChat Room    Log in to ForumLog in to Forum 

Opera users baffled by vulnerability warnings

 
Post new topic   Reply to topic   printer-friendly view    strategic-quality-resources.com Forum Index -> Information Security Management Systems (ISMS)
View previous topic :: View next topic  
Author Message
GaryW
Site Admin


Joined: 14 Oct 2005
Posts: 83186
Location: Adelaide, Australia
as.gif
PostPosted: Wed Mar 10, 2010 7:49 am    Post subject: Opera users baffled by vulnerability warnings Reply with quote
David Neal, V3.co.uk, Tuesday 9 March 2010 at 16:32:00
Security vendors sending out misleading information, claims Secunia
Confusion about the severity of a
newly
reported Opera flaw could be harming efforts to mitigate the threat,
according to experts.
Secunia claimed in a
blog
post that security companies are sending out mixed messages about the
vulnerability, including inaccurate information on its effects and causes.
The security firm said that it had spent time properly analysing the flaw's
impact, and had concluded that it is far less severe than users may have been
led to believe.
\"Before issuing a Secunia advisory, a security specialist was tasked with
thoroughly analysing the vulnerability report, the cause of the crash and its
potential impact,\" wrote Carsten Eiram, chief security specialist at Secunia.
Eiram explained that the vulnerability is not caused by an integer overflow
error, as other security companies have reported.
\"Instead, in certain cases when a 64-bit 'Content-Length' value is
interpreted as negative, the higher 32-bit value is ignored and the lower 32-bit
value is used to copy data,\" he said.
\"It is therefore possible to manipulate the size value in a manner to
successfully corrupt memory and occasionally cause conditions where it is
possible to gain control of the execution flow.\"
Eiram went on to assert that at least one of Secunia's competitors misled
users.
\"At least one other site did, as usual, abuse the opportunity to hype the
vulnerability and refer to it as a zero-day, which is misleading as no working
exploit has been published nor is the vulnerability being actively exploited,\"
he wrote.
\"Instead, it was an uncoordinated, commonly termed 'irresponsible',
disclosure as the vulnerability report was published without the reporter first
informing the vendor.\"
Secunia has worked with Opera in analysing the issue, and the browser maker
has promised to issue a security advisory and a fix as soon as possible.


Read more...

Source: The most recent articles from vnunet.com
The most recent articles from vnunet.com (Generated on Tuesday 9 March 2010 at 22:17:23)
_________________
Regards,

Gary Wilkinson
Founder & Principal Consultant
SQR Consulting
Back to top
GaryW is offline View user's profile Send private message Send e-mail Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic   printer-friendly view    strategic-quality-resources.com Forum Index -> Information Security Management Systems (ISMS) All times are GMT + 9.5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum

© 2005 SQR Consulting - All rights reserved
ABN : 60512166070



Powered by phpBB © 2001, 2005 phpBB Group