Metric | Value |
---|---|
CVSS2 score | 10 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
EPSS | 0.005 Low |
EPSS Percentile | 76.3% |
Kindle Touch 5.1.0 contains a scriptable browser plugin which can be invoked by accessing a malicious web page.
It has been reported that Kindle Touch 5.1.0 has introduced an NPAPI plugin, /usr/lib/libkindleplugin.so (symlinked to /usr/lib/browser/plugins/libkindleplugin.so), that can be used by the system-wide WebKit engine. libkindleplugin is scriptable by the browser and can be invoked to access its “exported” native methods when a user accesses a web page containing embedded scripts.
The user eureka has reported on the MobileRead forums that they have found multiple “exported” properties and methods associated with libkindleplugin:
* `property test (it just returns number 500)`
* `method dev.log`
* `method lipc.set`
* `method lipc.get`
* `method todo.scheduleItems`
* `plugin.test`
* `plugin.lipc.test`
* `plugin.dev.test`
* `plugin.todo.test`
By convincing a user to access a specially crafted web page, a remote, unauthenticated attacker may be able to execute arbitrary code with root privileges.
Update
It has been reported that Kindle Touch 5.1.2 deletes the NPAPI plugin /usr/lib/libkindleplugin.so, the symlink /usr/lib/browser/plugins/libkindleplugin.so and the directory /usr/lib/browser. Users are advised to upgrade to Kindle Touch 5.1.2.
Disable **libkindleplugin**
Users are advised to disable libkindleplugin by renaming or removing the /usr/lib/browser/plugins/libkindleplugin.so symlink.
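The workaround above and the state reported for 5.1.2 can both be checked against the three paths the note names. The shell functions below are an added example, not code from the original note or from Amazon; the function names, the optional root-prefix argument and the `.disabled` suffix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit and disable libkindleplugin on a Kindle Touch filesystem.
# The three paths are the ones named in the advisory. The optional first
# argument is a hypothetical root prefix: empty on the device itself, a
# scratch directory when testing against a constructed tree.

PLUGIN=/usr/lib/libkindleplugin.so
LINK=/usr/lib/browser/plugins/libkindleplugin.so
BROWSER_DIR=/usr/lib/browser

# Print one status word:
#   exposed  - the browser plugin link is present (even if dangling)
#   disabled - plugin library still on disk, but the browser link is gone
#   partial  - library gone, but /usr/lib/browser remnants remain
#   removed  - none of the three paths exist (state reported for 5.1.2)
kindleplugin_status() {
    root=${1:-}
    # -e follows symlinks, so test -L as well to catch a dangling link.
    if [ -e "$root$LINK" ] || [ -L "$root$LINK" ]; then
        echo exposed
    elif [ -e "$root$PLUGIN" ]; then
        echo disabled
    elif [ -e "$root$BROWSER_DIR" ]; then
        echo partial
    else
        echo removed
    fi
}

# Apply the workaround by renaming the browser link (reversible).
# Assumption: the browser looks the plugin up under its original file name;
# removing the link is the other option the advisory gives.
kindleplugin_disable() {
    root=${1:-}
    link="$root$LINK"
    if [ -e "$link" ] || [ -L "$link" ]; then
        mv "$link" "$link.disabled" || return 1
    fi
    # Succeed only if the link is really gone afterwards.
    [ "$(kindleplugin_status "$root")" != exposed ]
}
```
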
122656
Notified: July 30, 2012 Updated: August 01, 2012
Affected
We have previously been made aware of this specific issue and have released updated software, version 5.1.2, containing the necessary adjustments.
Updated software for Kindle devices is available for download at <http://www.amazon.com/kindlesoftwareupdates>
It has been reported that Kindle Touch 5.1.2 deletes the NPAPI plugin /usr/lib/libkindleplugin.so, the symlink /usr/lib/browser/plugins/libkindleplugin.so and the directory /usr/lib/browser. Users are advised to upgrade to Kindle Touch 5.1.2.
Group | Score | Vector |
---|---|---|
Base | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Temporal | 7.3 | E:POC/RL:OF/RC:C |
Environmental | 1.8 | CDP:N/TD:L/CR:ND/IR:ND/AR:ND |
http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368
Thanks to eureka on the MobileRead forums for reporting this vulnerability.
This document was written by Michael Orlando.
CVE IDs: | CVE-2012-4248, CVE-2012-4249 |
---|---|
Date Public: | 2012-04-04 |
Date First Published: | |