Bugtraq mailing list archives
Re: RealPlayer bug
From: Jenny Holmberg <jch () algo net>
Date: 05 Mar 2002 08:13:31 +0100
Michiel Heijkoop <myself () mhil net> writes:
As the URL indicates, it's well possible that the webserver only listens to 127.0.0.1, which wouldn't make it a large security risk, unless its ran on an NT-machine under an admin-account and accessed by a regular user, which could then have read-access to files, he/she shouldn't have it to. Perhaps someone with Realplayer installed can check wether this miniserver is binding to all interfaces, or just the loopback?
On my WinME box, RealPlayer binds only to the loopback interface. Also it chooses different ports each time, which (depending, of course, on how the port numbers are chosen) would presumably make it somewhat harder to exploit. -- "I live in the heart of the machine. We are one."
Current thread:
- RealPlayer bug §ome1 (Mar 03)
- Re: RealPlayer bug Michiel Heijkoop (Mar 04)
- Re: RealPlayer bug obscure (Mar 05)
- Re: RealPlayer bug bugtraq42 (Mar 05)
- Re: RealPlayer bug Jenny Holmberg (Mar 05)
- Re: RealPlayer bug Michiel Heijkoop (Mar 04)