Detections
Analytics

FreeBSD : opera -- multiple vulnerabilities in Java implementation (1489df94-6bcb-11d9-a21e-000a95bc6fae)

high Nessus Plugin ID 18849

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Marc Schoenefeld reports :

Opera 7.54 is vulnerable to leakage of the java sandbox, allowing malicious applets to gain unacceptable privileges. This allows them to be used for information gathering (spying) of local identity information and system configurations as well as causing annoying crash effects.

Opera 754 [sic] which was released Aug 5,2004 is vulnerable to the XSLT processor covert channel attack, which was corrected with JRE 1.4.2_05 [released in July 04], but in disadvantage to the users the opera packaging guys chose to bundle the JRE 1.4.2_04 [...]

Internal pointer DoS exploitation: Opera.jar contains the opera replacement of the java plugin. It therefore handles communication between JavaScript and the Java VM via the liveconnect protocol. The public class EcmaScriptObject exposes a system memory pointer to the java address space, by constructing a special variant of this type an internal cache table can be polluted by false entries that infer proper function of the JSObject class and in the following proof-of-concept crash the browser.

Exposure of location of local java installation Sniffing the URL classpath allows to retrieve the URLs of the bootstrap class path and therefore the JDK installation directory.

Exposure of local user name to an untrusted applet An attacker could use the sun.security.krb5.Credentials class to retrieve the name of the currently logged in user and parse his home directory from the information which is provided by the thrown java.security.AccessControlException.

Solution

Update the affected packages.

See Also

https://marc.info/?l=bugtraq&m=110088923127820

http://www.nessus.org/u?c25e286b

Plugin Details

Severity: High

ID: 18849

File Name: freebsd_pkg_1489df946bcb11d9a21e000a95bc6fae.nasl

Version: 1.17

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:linux-opera, p-cpe:/a:freebsd:freebsd:opera, p-cpe:/a:freebsd:freebsd:opera-devel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 1/24/2005

Vulnerability Publication Date: 11/19/2004