FreeBSD : Several vulnerabilities found in IcedTea-Web (55b498e2-e56c-11e1-bbd5-001c25e46b1d)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The IcedTea project team reports :

CVE-2012-3422: Use of uninitialized instance pointers

An uninitialized pointer use flaw was found in the IcedTea-Web web
browser plugin. A malicious web page could use this flaw to make the
IcedTea-Web browser plugin pass an invalid pointer to a web browser.
Depending on the browser used, it may cause the browser to crash or
possibly execute arbitrary code.

The get_cookie_info() and get_proxy_info() functions call
getFirstInTableInstance() with the instance_to_id_map hash as a
parameter. If instance_to_id_map is empty (which can happen when the
plugin was recently removed), getFirstInTableInstance() returns an
uninitialized pointer.

CVE-2012-3423: Incorrect handling of non 0-terminated strings

It was discovered that the IcedTea-Web web browser plugin incorrectly
assumed that all strings provided by the browser are NUL terminated,
which is not guaranteed by the NPAPI (Netscape Plugin Application
Programming Interface). When used in a browser that does not NUL
terminate NPVariant NPStrings, this could lead to a buffer over-read or
over-write, resulting in a possible information leak, crash, or code
execution.

Mozilla browsers currently NUL terminate strings; however, recent
Chrome versions are known not to provide NUL terminated data.
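
Added example (not from the advisory or the IcedTea-Web source): the length-bounded copy that avoids the CVE-2012-3423 class of bug, next to the strlen() pattern that over-reads. The np_string type is a local stand-in with the same two fields as NPAPI's NPString; the function names and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Local stand-in mirroring the two fields of NPAPI's NPString. */
typedef struct {
    const char *UTF8Characters;   /* NOT guaranteed to be NUL terminated */
    uint32_t    UTF8Length;       /* authoritative length in bytes */
} np_string;

/* Unsafe pattern: trusts a terminator the browser never promised,
 * so it keeps reading into whatever follows the string in memory. */
size_t naive_length(const np_string *s)
{
    return strlen(s->UTF8Characters);
}

/* Safe pattern: copy exactly UTF8Length bytes and add our own NUL.
 * Returns a heap string the caller frees, or NULL on bad input. */
char *np_string_dup(const np_string *s)
{
    if (s == NULL || (s->UTF8Characters == NULL && s->UTF8Length != 0))
        return NULL;
    size_t n = s->UTF8Length;
    if (n == SIZE_MAX)            /* n + 1 would wrap on a 32-bit size_t */
        return NULL;
    char *out = malloc(n + 1);
    if (out == NULL)
        return NULL;
    if (n != 0)
        memcpy(out, s->UTF8Characters, n);
    out[n] = '\0';
    return out;
}

/* Constructed sample: 10 string bytes followed directly by other data. */
static const char backing[] = "name=valueADJACENT-DATA";
np_string sample_string(void) { np_string s = { backing, 10 }; return s; }

int main(void)
{
    np_string s = sample_string();
    char *copy = np_string_dup(&s);
    if (copy == NULL)
        return 1;
    printf("naive length %zu, declared length %u, copy \"%s\"\n",
           naive_length(&s), (unsigned)s.UTF8Length, copy);
    free(copy);
    return 0;
}
```

The sample keeps a terminator at the end of the backing array so the naive call stays within one object; with a real non-terminated browser buffer the same call reads past the allocation.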

See also :

http://www.nessus.org/u?8f9c1f1b
http://www.nessus.org/u?39080327

Solution :

Update the affected package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 61522

Bugtraq ID:

CVE ID: CVE-2012-3422, CVE-2012-3423
