openSUSE Security Update : opera (openSUSE-2021-712) - Nessus

Critical   Plugin ID: 150103

This page contains detailed information about the openSUSE Security Update : opera (openSUSE-2021-712) Nessus plugin including available exploits and PoCs found on GitHub, in Metasploit or Exploit-DB for verifying of this vulnerability.

Table Of Contents
hide

Plugin Overview

ID: 150103
Name: openSUSE Security Update : opera (openSUSE-2021-712)
Filename: openSUSE-2021-712.nasl
Vulnerability Published: 2021-04-26
This Plugin Published: 2021-06-01
Last Modification Time: 2021-11-30
Plugin Version: 1.4
Plugin Type: local
Plugin Family: SuSE Local Security Checks
Dependencies: ssh_get_info.nasl
Required KB Items [?]: Host/cpu, Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list

Vulnerability Information

Severity: Critical
Vulnerability Published: 2021-04-26
Patch Published: 2021-05-11
CVE [?]: CVE-2021-21206, CVE-2021-21220, CVE-2021-21222, CVE-2021-21223, CVE-2021-21224, CVE-2021-21225, CVE-2021-21226
CPE [?]: cpe:/o:novell:opensuse:15.2, p-cpe:/a:novell:opensuse:opera
Exploited by Malware: True

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for opera fixes the following issues :

Update to version 76.0.4017.94

- released on the stable branch

Update to version 76.0.4017.88

- CHR-8404 Update chromium on desktop-stable-90-4017 to 90.0.4430.85

- DNA-92219 Add bookmark API supports to the front-end

- DNA-92409 [MAC] ‘Present now’ options windows appear behind detached window

- DNA-92615 Capture tab from the tab context menu

- DNA-92616 Capture tab from Snapshot

- DNA-92617 Capture tab from image context menu

- DNA-92652 Opera 76 translations

- DNA-92680 Make image selector on any page work like bookmarks popup WP2

- DNA-92707 Crash at void base::ObserverList::AddObserver(class content::PrerenderHost::Observer*)

- DNA-92710 Autoupdate on macOS 11.3 not working

- DNA-92711 Make image selector on any page work like bookmarks popup WP3

- DNA-92730 Make image selector on any page work like bookmarks popup WP4

- DNA-92761 Make image selector on any page work like bookmarks popup WP5

- DNA-92776 Make image selector on any page work like bookmarks popup WP6

- DNA-92862 Make “View pinboards” button work

- DNA-92906 Provide in-house translations for Cashback strings to Spanish

- DNA-92908 API collides with oneclick installer

- The update to chromium 90.0.4430.85 fixes following issues :

- CVE-2021-21222, CVE-2021-21223, CVE-2021-21224, CVE-2021-21225, CVE-2021-21226

- Complete Opera 76.0 changelog at: https://blogs.opera.com/desktop/changelog-for-76/

Update to version 75.0.3969.218

- CHR-8393 Update chromium on desktop-stable-89-3969 to 89.0.4389.128

- DNA-92113 Windows debug fails to compile opera_components/ipfs/ipfs/ipfs_url_loader_throttle.obj

- DNA-92198 [Arm] Update signing scripts

- DNA-92200 [Arm] Create universal packages from two buildsets

- DNA-92338 [Search tabs] The preview isn’t updated when the tab from another window is closed

- DNA-92410 [Download popup] Selected item still looks bad in dark mode

- DNA-92441 Compilation error

- DNA-92514 Allow to generate universal DMG package from existing universal .tar.xz

- DNA-92608 Opera 75 crash during rapid workspace switching

- DNA-92627 Crash at automation::Error::code()

- DNA-92630 Crash at opera::PremiumExtensionPersistentPrefStorageImpl::IsPrem iumExtensionFeatureEnabled()

- DNA-92648 Amazon icon disappears from Sidebar Extensions section after pressing Hide Amazon button

- DNA-92681 Add missing string in Japanese

- DNA-92684 Fix issues with signing multiple bsids

- DNA-92706 Update repack generation from universal packages

- DNA-92725 Enable IPFS for all channels

- The update to chromium 89.0.4389.128 fixes following issues: CVE-2021-21206, CVE-2021-21220

Solution

Update the affected opera package.

Public Exploits

Target Network Port(s): N/A
Target Asset(s): N/A
Exploit Available: True (Metasploit Framework, GitHub)
Exploit Ease: Exploits are available

Here's the list of publicly known exploits and PoCs for verifying the openSUSE Security Update : opera (openSUSE-2021-712) vulnerability:

  1. Metasploit: exploit/multi/browser/chrome_cve_2021_21220_v8_insufficient_validation
    [Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE]
  2. GitHub: https://github.com/EdgeSecurityTeam/Vulnerability
    [CVE-2021-21220]
  3. GitHub: https://github.com/security-dbg/CVE-2021-21220
    [CVE-2021-21220]
  4. GitHub: https://github.com/StarCrossPortal/bug-hunting-101
    [CVE-2021-21223]
  5. GitHub: https://github.com/0x2l/0x2l_v8_exp
    [CVE-2021-21224]
  6. GitHub: https://github.com/StarCrossPortal/bug-hunting-101
    [CVE-2021-21224]
  7. GitHub: https://github.com/avboy1337/1195777-chrome0day
    [CVE-2021-21224]
  8. GitHub: https://github.com/c3l3si4n/malicious_nuclei_templates
    [CVE-2021-21224]
  9. GitHub: https://github.com/fardeen-ahmed/Bug-bounty-Writeups
    [CVE-2021-21225]
  10. GitHub: https://github.com/StarCrossPortal/bug-hunting-101
    [CVE-2021-21226]
  11. GitHub: https://github.com/ohnonoyesyes/CVE-2021-21224
    [CVE-2021-21224: ARM64 PoC for CVE-2021-21224]

Before running any exploit against any system, make sure you are authorized by the owner of the target system(s) to perform such activity. In any other case, this would be considered as an illegal activity.

WARNING: Beware of using unverified exploits from sources such as GitHub or Exploit-DB. These exploits and PoCs could contain malware. For more information, see how to use exploits safely.

Risk Information

CVSS V2 Vector [?]: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C
CVSS Base Score:6.8 (Medium)
Impact Subscore:6.4
Exploitability Subscore:8.6
CVSS Temporal Score:5.9 (Medium)
CVSS Environmental Score:NA (None)
Modified Impact Subscore:NA
Overall CVSS Score:5.9 (Medium)
CVSS V3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CVSS Base Score:9.6 (Critical)
Impact Subscore:6.0
Exploitability Subscore:2.8
CVSS Temporal Score:9.2 (Critical)
CVSS Environmental Score:NA (None)
Modified Impact Subscore:NA
Overall CVSS Score:9.2 (Critical)

Go back to menu.

Plugin Source

This is the openSUSE-2021-712.nasl nessus plugin source code. This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof. 

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2021-712.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include("compat.inc");

if (description)
{
  script_id(150103);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/11/30");

  script_cve_id("CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21222", "CVE-2021-21223", "CVE-2021-21224", "CVE-2021-21225", "CVE-2021-21226");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2021/11/17");

  script_name(english:"openSUSE Security Update : opera (openSUSE-2021-712)");
  script_summary(english:"Check for the openSUSE-2021-712 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for opera fixes the following issues :

Update to version 76.0.4017.94

  - released on the stable branch

Update to version 76.0.4017.88

  - CHR-8404 Update chromium on desktop-stable-90-4017 to
    90.0.4430.85

  - DNA-92219 Add bookmark API supports to the front-end

  - DNA-92409 [MAC] ‘Present now’ options
    windows appear behind detached window

  - DNA-92615 Capture tab from the tab context menu

  - DNA-92616 Capture tab from Snapshot

  - DNA-92617 Capture tab from image context menu

  - DNA-92652 Opera 76 translations

  - DNA-92680 Make image selector on any page work like
    bookmarks popup WP2

  - DNA-92707 Crash at void
    base::ObserverList::AddObserver(class
    content::PrerenderHost::Observer*)

  - DNA-92710 Autoupdate on macOS 11.3 not working

  - DNA-92711 Make image selector on any page work like
    bookmarks popup WP3

  - DNA-92730 Make image selector on any page work like
    bookmarks popup WP4

  - DNA-92761 Make image selector on any page work like
    bookmarks popup WP5

  - DNA-92776 Make image selector on any page work like
    bookmarks popup WP6

  - DNA-92862 Make “View pinboards” button work

  - DNA-92906 Provide in-house translations for Cashback
    strings to Spanish

  - DNA-92908 API collides with oneclick installer

  - The update to chromium 90.0.4430.85 fixes following
    issues :

  - CVE-2021-21222, CVE-2021-21223, CVE-2021-21224,
    CVE-2021-21225, CVE-2021-21226

  - Complete Opera 76.0 changelog at:
    https://blogs.opera.com/desktop/changelog-for-76/

Update to version 75.0.3969.218

  - CHR-8393 Update chromium on desktop-stable-89-3969 to
    89.0.4389.128

  - DNA-92113 Windows debug fails to compile
    opera_components/ipfs/ipfs/ipfs_url_loader_throttle.obj

  - DNA-92198 [Arm] Update signing scripts

  - DNA-92200 [Arm] Create universal packages from two
    buildsets

  - DNA-92338 [Search tabs] The preview isn’t updated
    when the tab from another window is closed

  - DNA-92410 [Download popup] Selected item still looks bad
    in dark mode

  - DNA-92441 Compilation error

  - DNA-92514 Allow to generate universal DMG package from
    existing universal .tar.xz

  - DNA-92608 Opera 75 crash during rapid workspace
    switching

  - DNA-92627 Crash at automation::Error::code()

  - DNA-92630 Crash at
    opera::PremiumExtensionPersistentPrefStorageImpl::IsPrem
    iumExtensionFeatureEnabled()

  - DNA-92648 Amazon icon disappears from Sidebar Extensions
    section after pressing Hide Amazon button

  - DNA-92681 Add missing string in Japanese

  - DNA-92684 Fix issues with signing multiple bsids

  - DNA-92706 Update repack generation from universal
    packages

  - DNA-92725 Enable IPFS for all channels

  - The update to chromium 89.0.4389.128 fixes following
    issues: CVE-2021-21206, CVE-2021-21220"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://blogs.opera.com/desktop/changelog-for-76/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected opera package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:opera");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.2");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/05/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/06/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.2", reference:"opera-76.0.4017.94-lp152.2.43.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "opera");
}

The latest version of this script can be found in these locations depending on your platform:

  • Linux / Unix:
    /opt/nessus/lib/nessus/plugins/openSUSE-2021-712.nasl
  • Windows:
    C:\ProgramData\Tenable\Nessus\nessus\plugins\openSUSE-2021-712.nasl
  • Mac OS X:
    /Library/Nessus/run/lib/nessus/plugins/openSUSE-2021-712.nasl

Go back to menu.

How to Run

Here is how to run the openSUSE Security Update : opera (openSUSE-2021-712) as a standalone plugin via the Nessus web user interface (https://localhost:8834/):

  1. Click to start a New Scan.
  2. Select Advanced Scan.
  3. Navigate to the Plugins tab.
  4. On the top right corner click to Disable All plugins.
  5. On the left side table select SuSE Local Security Checks plugin family.
  6. On the right side table select openSUSE Security Update : opera (openSUSE-2021-712) plugin ID 150103.
  7. Specify the target on the Settings tab and click to Save the scan.
  8. Run the scan.

Here are a few examples of how to run the plugin in the command line. Note that the examples below demonstrate the usage on the Linux / Unix platform.

Basic usage:

/opt/nessus/bin/nasl openSUSE-2021-712.nasl -t <IP/HOST>

Run the plugin with audit trail message on the console:

/opt/nessus/bin/nasl -a openSUSE-2021-712.nasl -t <IP/HOST>

Run the plugin with trace script execution written to the console (useful for debugging):

/opt/nessus/bin/nasl -T - openSUSE-2021-712.nasl -t <IP/HOST>

Run the plugin with using a state file for the target and updating it (useful for running multiple plugins on the target):

/opt/nessus/bin/nasl -K /tmp/state openSUSE-2021-712.nasl -t <IP/HOST>

Go back to menu.

References

See also: Similar and related Nessus plugins:
  • 149082 - Debian DSA-4906-1 : chromium - security update
  • 148599 - FreeBSD : chromium -- multiple vulnerabilities (7c0d71a9-9d48-11eb-97a0-e09467587c17)
  • 148931 - FreeBSD : chromium -- multiple vulnerabilities (cb13a765-a277-11eb-97a0-e09467587c17)
  • 149223 - GLSA-202104-08 : Chromium, Google Chrome: Multiple vulnerabilities
  • 148487 - Google Chrome < 89.0.4389.128 Multiple Vulnerabilities
  • 148848 - Google Chrome < 90.0.4430.85 Multiple Vulnerabilities
  • 148488 - Google Chrome < 89.0.4389.128 Multiple Vulnerabilities
  • 148849 - Google Chrome < 90.0.4430.85 Multiple Vulnerabilities
  • 148565 - Microsoft Edge (Chromium) < 89.0.774.77 Multiple Vulnerabilities
  • 148939 - Microsoft Edge (Chromium) < 90.0.818.46 Multiple Vulnerabilities
  • 148746 - openSUSE Security Update : chromium (openSUSE-2021-567)
  • 149603 - openSUSE Security Update : Chromium (openSUSE-2021-629)

Version

This page has been produced using Nessus Professional 10.1.2 (#68) LINUX, Plugin set 202205072148.
Plugin file openSUSE-2021-712.nasl version 1.4. For more plugins, visit the Nessus Plugin Library.

Go back to menu.