Sunday, September 7, 2003

Real-ly owned.

Heres another little exploit I've been sitting on for some time. Version 9 of Real.com's UNIX realplayer, by default, installs its config files group writable. Unforunately (depending on how you look at it ;)), these files contain, among other things, pointers to directories that realplayer uses to load shared libraries from. So, a malicious user simply modifies the config files to his liking, writes some hostile shared libraries and off he goes with the victim's account. For more details, see the exploit.

In other news, there is no news. I've gotten one denial so far from job land because I don't have any clearance. Bah. Oh well. This next week should prove interesting. Happy hacking, -jon

No comments: