Vigil@nce - IcedTea-Web: interaction with LiveConnect
February 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can access to IcedTea-Web LiveConnect sockets, in order to interact with the web session of another user.
Impacted products: Unix (platform)
Creation date: 10/02/2014
DESCRIPTION OF THE VULNERABILITY
However, the directory name is predictable (icedteaplugin-user), and is located in a publicly writable directory, so the attacker can create (and thus own) the directory before its usage. The attacker can then delete the socket created by IcedTea-Web, in order to replace it by its own socket.
A local attacker can therefore access to IcedTea-Web LiveConnect sockets, in order to interact with the web session of another user.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN