Full Disclosure mailing list archives

RealOne Player local privilege escalation


From: Jon Hart <warchild () spoofed org>
Date: Mon, 8 Sep 2003 21:48:59 -0400

Greetings,

RealOne Player for the UNIX platform, sometimes referred to as the
"community supported" realplayer version 9, installs per-user
configuration files with group write permissions by default.  On most
UNIX variants, this is a serious issue as most users belong to the same
group and oftentimes home directories are created with the group read
and execute bits set, thereby allowing malicious local users to modify
the RealOne configuration files of other users.

This issue was reported to the Real.com developers June 18, 2003 by an
anonymous user and there is still no fix available despite the fact that
this is a serious issue and the fix is trivial.  However, developers are
now aware of the problem and are going to be releasing a fix.  In the
meantime, `chmod 700 ~/.realnetworks/*` and see this thread:

http://realforum.real.com/cgi-bin/unixplayer/showthreaded.pl?Cat=&Board=install2&Number=4513

The following link goes into a bit more depth surrounding the problem,
and includes some proof of concept exploit code, should you find it
necessary:

http://spoofed.org/files/rp9-priv-esc.c

Please note that because RealOne player is only currently available for
x86 Linux variants, only x86 Linux systems with RealOne player installed
are impacted by this bug.

Cheers,

-jon

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
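
A way to check for the condition described in the post and to apply a fix in the spirit of its `chmod` workaround. This is an added example, not part of the original post or of RealNetworks' code. The function names are hypothetical and the default path `~/.realnetworks` is taken from the post; the fix removes group/other access rather than setting mode 700 on every file.

```shell
#!/bin/sh
# Added example: audit a per-user configuration directory for files
# that other local users could modify (group- or world-writable).
# Function names are hypothetical; the default path is from the post.

# Print every file or directory under $1 (including $1 itself) that
# has the group-write or other-write bit set. Symlinks are skipped
# because their own mode bits are not meaningful.
list_writable_by_others() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# Return 0 if the tree is clean, 1 if anything is writable by
# group/other (each hit is printed), 2 if the directory is missing.
audit_config_dir() {
    dir=$1
    [ -d "$dir" ] || return 2
    hits=$(list_writable_by_others "$dir")
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" | sed 's/^/WRITABLE BY GROUP\/OTHER: /'
    return 1
}

# Remove all group/other access from the tree. Unlike a blanket
# "chmod 700", this does not add execute bits to regular files.
harden_config_dir() {
    dir=$1
    [ -d "$dir" ] || return 2
    find "$dir" ! -type l -exec chmod go-rwx {} +
}

# Runs only when asked:  sh script.sh --audit [DIR]  or  --fix [DIR]
case "${1:-}" in
    --audit) audit_config_dir "${2:-$HOME/.realnetworks}" ;;
    --fix)   harden_config_dir "${2:-$HOME/.realnetworks}" ;;
esac
```

Because the audit walks the directory itself as well as its contents, it also catches a group-writable top-level directory and dotfiles inside it.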

