Amazon Kindle Touch libkindleplugin scriptable browser plugin vulnerability

2012-07-30T00:00:00
ID VU:122656
Type cert
Reporter CERT
Modified 2013-04-08T00:00:00

Description

Overview

Kindle Touch 5.1.0 contains a scriptable browser plugin which can be invoked by accessing a malicious web page.

Description

It has been reported that Kindle Touch 5.1.0 introduced an NPAPI plugin, /usr/lib/libkindleplugin.so (symlinked to /usr/lib/browser/plugins/libkindleplugin.so), that can be used by the system-wide WebKit engine. libkindleplugin is scriptable by the browser and can be invoked to access its "exported" native methods when a user accesses a web page containing embedded scripts.

The user eureka has reported on the MobileRead forums that they have found multiple "exported" properties and methods associated with libkindleplugin.

* `property test (it just returns number 500)`
* `method dev.log`
* `method lipc.set`
* `method lipc.get`
* `method todo.scheduleItems`
* `plugin.test`
* `plugin.lipc.test`
* `plugin.dev.test`
* `plugin.todo.test`

Impact

By convincing a user to access a specially crafted web page, a remote, unauthenticated attacker may be able to execute arbitrary code with root privileges.


Solution

Update