Full Disclosure mailing list archives
RealOne Player local privilege escalation
From: Jon Hart <warchild () spoofed org>
Date: Mon, 8 Sep 2003 21:48:59 -0400
Greetings,

RealOne Player for the UNIX platform, sometimes referred to as the "community supported" realplayer version 9, installs per-user configuration files with group write permissions by default. On most UNIX variants, this is a serious issue as most users belong to the same group and oftentimes home directories are created with the group read and execute bits set, thereby allowing malicious local users to modify the RealOne configuration files of other users.

This issue was reported to the Real.com developers June 18, 2003 by an anonymous user and there is still no fix available despite the fact that this is a serious issue and the fix is trivial. However, developers are now aware of the problem and are going to be releasing a fix. In the meantime, `chmod 700 ~/.realnetworks/*` and see this thread:

http://realforum.real.com/cgi-bin/unixplayer/showthreaded.pl?Cat=&Board=install2&Number=4513

The following link goes into a bit more depth surrounding the problem, and includes some proof of concept exploit code, should you find it necessary:

http://spoofed.org/files/rp9-priv-esc.c

Please note that because RealOne player is only currently available for x86 Linux variants, only x86 Linux systems with RealOne player installed are impacted by this bug.

Cheers,

-jon
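An added audit sketch for the two conditions the post names (group-writable files under `~/.realnetworks`, and a home directory that group members can enter); it is not part of the original post or its linked proof of concept. The function names, the status strings and the `go-w` cleanup are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a per-user config directory for the exposure described
# in the post. All function names and status strings are hypothetical.

# Print every entry under $1 that group or other may write to.
list_writable() {
    find "$1" \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# Succeed if group or other has the execute (traverse) bit on directory $1.
can_traverse() {
    [ -n "$(find "$1" -prune \( -perm -010 -o -perm -001 \) -print 2>/dev/null)" ]
}

# Classify the config directory $2 that lives inside home directory $1:
#   absent   - no such directory
#   ok       - nothing under it is group/other writable
#   exposed  - writable entries exist and other local users can reach them
#   shielded - writable entries exist, but a parent directory blocks traversal
audit_conf() {
    home_dir=$1
    conf_dir=$2
    if [ ! -d "$conf_dir" ]; then
        echo "absent"
    elif [ -z "$(list_writable "$conf_dir")" ]; then
        echo "ok"
    elif can_traverse "$home_dir" && can_traverse "$conf_dir"; then
        echo "exposed"
    else
        echo "shielded"
    fi
}

# Strip group/other write from everything under $1 (leaves read bits alone).
harden_conf() {
    chmod -R go-w "$1"
}

# Report on the invoking user's own directory (path taken from the post).
audit_conf "$HOME" "$HOME/.realnetworks"
```

A result of `shielded` still deserves cleanup, since the protection disappears as soon as the home directory's mode is relaxed.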