CERT VU:122656
History: Jul 30, 2012 - 12:00 a.m.

Amazon Kindle Touch libkindleplugin scriptable browser plugin vulnerability

2012-07-30 00:00:00
www.kb.cert.org

CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.005 Low
Percentile: 76.3%

Overview

Kindle Touch 5.1.0 contains a scriptable browser plugin which can be invoked by accessing a malicious web page.

Description

It has been reported that Kindle Touch 5.1.0 introduced an NPAPI plugin, /usr/lib/libkindleplugin.so (symlinked to /usr/lib/browser/plugins/libkindleplugin.so), that can be used by the system-wide WebKit engine. libkindleplugin is scriptable by the browser, so its “exported” native methods can be invoked when a user accesses a web page containing embedded scripts.

The user eureka has reported on the MobileRead forums that they have found multiple “exported” properties and methods associated with libkindleplugin.

* `property test (it just returns number 500)`
* `method dev.log`
* `method lipc.set`
* `method lipc.get`
* `method todo.scheduleItems`
* `plugin.test`
* `plugin.lipc.test`
* `plugin.dev.test`
* `plugin.todo.test`  

Impact

By convincing a user to access a specially crafted web page, a remote, unauthenticated attacker may be able to execute arbitrary code with root privileges.


Solution

Update
It has been reported that Kindle Touch 5.1.2 deletes the NPAPI plugin /usr/lib/libkindleplugin.so, the symlink /usr/lib/browser/plugins/libkindleplugin.so and the directory /usr/lib/browser. Users are advised to upgrade to Kindle Touch 5.1.2.


Disable libkindleplugin

Users are advised to disable libkindleplugin by renaming or removing the /usr/lib/browser/plugins/libkindleplugin.so symlink.
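One way to script the workaround above, as an added example (not code from CERT or Amazon): it reports whether the plugin is still reachable from the browser's plugin directory and removes only the symlink, leaving the library in place for rollback. The function names and the root argument are assumptions, and the target filesystem is assumed to be writable.

```shell
#!/bin/sh
# Added example: audit and disable libkindleplugin under a given root.
# The root argument is an assumption: "/" on the device itself, or the
# path of a mounted or extracted firmware image when checking offline.

PLUGIN_LIB=usr/lib/libkindleplugin.so
PLUGIN_LINK=usr/lib/browser/plugins/libkindleplugin.so

# Prints one of:
#   exposed  - an entry exists in the browser plugin directory
#   disabled - library is on disk but not in the plugin directory
#   removed  - neither is present (the state reported for 5.1.2)
plugin_state() {
    root=${1:-/}
    link="$root/$PLUGIN_LINK"
    # -L also matches a dangling symlink, which -e alone would miss.
    if [ -L "$link" ] || [ -e "$link" ]; then
        echo exposed
    elif [ -e "$root/$PLUGIN_LIB" ]; then
        echo disabled
    else
        echo removed
    fi
}

# Removes the plugin-directory symlink only. Anything that is not a
# symlink is left untouched and reported, so an unexpected file is
# never deleted blindly.
disable_plugin() {
    root=${1:-/}
    link="$root/$PLUGIN_LINK"
    [ "$(plugin_state "$root")" = exposed ] || return 0
    if [ ! -L "$link" ]; then
        echo "not a symlink, inspect manually: $link" >&2
        return 1
    fi
    rm "$link"
}
```

Run `plugin_state /` before and after `disable_plugin /` to confirm the state changes from `exposed` to `disabled`.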


Vendor Information


Amazon: Affected

Notified: July 30, 2012 Updated: August 01, 2012

Status

Affected

Vendor Statement

We have previously been made aware of this specific issue and have released updated software, version 5.1.2, containing the necessary adjustments.

Updated software for Kindle devices is available for download at <http://www.amazon.com/kindlesoftwareupdates>

Vendor Information

It has been reported that Kindle Touch 5.1.2 deletes the NPAPI plugin /usr/lib/libkindleplugin.so, the symlink /usr/lib/browser/plugins/libkindleplugin.so and the directory /usr/lib/browser. Users are advised to upgrade to Kindle Touch 5.1.2.

Vendor References

CVSS Metrics

| Group | Score | Vector |
| --- | --- | --- |
| Base | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Temporal | 7.3 | E:POC/RL:OF/RC:C |
| Environmental | 1.8 | CDP:N/TD:L/CR:ND/IR:ND/AR:ND |

References

http://www.mobileread.com/forums/showthread.php?s=c7953cc553a4aaa36e880b25aa1a6bf6&t=175368

Acknowledgements

Thanks to eureka on the MobileRead forums for reporting this vulnerability.

This document was written by Michael Orlando.

Other Information

CVE IDs: CVE-2012-4248, CVE-2012-4249
Date Public: 2012-04-04 Date First Published:
