FreeBSD : opera -- multiple vulnerabilities in Java implementation (1489df94-6bcb-11d9-a21e-000a95bc6fae)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Marc Schoenefeld reports :

Opera 7.54 is vulnerable to leakage of the java sandbox, allowing
malicious applets to gain unacceptable privileges. This allows them to
be used for information gathering (spying) of local identity
information and system configurations as well as causing annoying
crash effects.

Opera 754 [sic] which was released Aug 5, 2004 is vulnerable to the
XSLT processor covert channel attack, which was corrected with JRE
1.4.2_05 [released in July 04], but in disadvantage to the users the
opera packaging guys chose to bundle the JRE 1.4.2_04 [...]

Internal pointer DoS exploitation: Opera.jar contains the opera
replacement of the java plugin. It therefore handles communication
between JavaScript and the Java VM via the liveconnect protocol. The
public class EcmaScriptObject exposes a system memory pointer to the
java address space, by constructing a special variant of this type an
internal cache table can be polluted by false entries that infer
proper function of the JSObject class and in the following
proof-of-concept crash the browser.

Exposure of location of local java installation: Sniffing the URL
classpath allows to retrieve the URLs of the bootstrap class path and
therefore the JDK installation directory.

Exposure of local user name to an untrusted applet: An attacker could
use the sun.security.krb5.Credentials class to retrieve the name of
the currently logged in user and parse his home directory from the
information which is provided by the thrown
java.security.AccessControlException.

See also :

http://marc.info/?l=bugtraq&m=110088923127820
http://www.nessus.org/u?3d239954

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 18849 (freebsd_pkg_1489df946bcb11d9a21e000a95bc6fae.nasl)

Bugtraq ID:

CVE ID:
