SecurityTracker.com
Category:   Application (Multimedia)  >   Windows Media Player
Vendors:   Microsoft
Microsoft Windows Media Player for Solaris Uses Unsafe Default Permissions
SecurityTracker Alert ID:  1005454
SecurityTracker URL:  http://securitytracker.com/id/1005454
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Oct 18 2002
Impact:   Execution of arbitrary code via local system, Modification of user information, User access via local system

Version(s): 6.3
Description:   A configuration vulnerability was reported in the default installation of Microsoft Windows Media Player for the Sun Solaris operating system. A local user can cause arbitrary code to be executed by a target user when the target user runs the player.

It is reported that the executable installer sets the permissions of the executables as world-writable files, ignoring the umask of the installer.

A local user can modify the executables so that, when the executables are subsequently loaded by a target user, arbitrary code will be executed with the privileges of the target user.

Impact:   A local user can cause arbitrary code to be executed by a target user when the target user runs the player.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.microsoft.com/windows/windowsmedia/download/solaris.asp
Cause:   Access control error, Configuration error
Underlying OS:  UNIX (Solaris - SunOS)

Message History:   None.


 Source Message Contents

Subject:  Microsoft Windows Media Player for Sparc/Solaris vulnerability


[feel free to include in BugTraq, I haven't seen past reports for this
one]

Microsoft Windows Media Player v6.3 for Sparc/Solaris is available for
download from http://download.microsoft.com.

When you install it on Solaris (the program is distributed as an
executable installer, which takes care of everything), the executables
are installed as world-writable files, effectively ignoring the umask
of the installer.

It means that anybody with an account on the system can change those
executables and put a trojan in them. People executing the program
later will happily run the trojan and have their account compromised.

  Sam
-- 
Samuel Tardieu -- sam@rfc1149.net -- http://www.rfc1149.net/sam
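
An added example (not part of the advisory or of the original message): a POSIX shell audit that lists files and directories carrying the world-write bit under an install prefix and then clears that bit. The `simulate_installer` function and every path in it are constructed stand-ins that show how an explicit `chmod` overrides the installing user's umask; the player's real install paths are not given on this page.

```shell
#!/bin/sh
# Added example: audit an install prefix for world-writable entries.
# All names and paths here are constructed for the demonstration.

# Print regular files and directories under $1 whose mode has the
# "other write" bit (0002) set. Symlinks are skipped by -type.
audit_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null
}

# Number of findings, as a bare integer.
count_world_writable() {
    audit_world_writable "$1" | wc -l | tr -d ' '
}

# Remediation: remove o+w from every path the audit reports.
fix_world_writable() {
    audit_world_writable "$1" | while IFS= read -r path; do
        chmod o-w "$path"
    done
}

# Constructed stand-in for an installer that ignores umask: umask only
# masks the mode at creation time, so a later explicit chmod wins.
simulate_installer() {
    prefix=$1
    mkdir -p "$prefix/bin"
    printf '#!/bin/sh\necho player\n' > "$prefix/bin/player"
    chmod 0777 "$prefix/bin/player"       # explicit mode, umask not consulted
    printf 'readme\n' > "$prefix/README"  # created normally, umask applies
}

demo() {
    (
        umask 022
        d=$(mktemp -d) || exit 1
        simulate_installer "$d/app"
        echo "before fix: $(count_world_writable "$d/app") world-writable"
        audit_world_writable "$d/app"
        fix_world_writable "$d/app"
        echo "after fix:  $(count_world_writable "$d/app") world-writable"
        rm -rf "$d"
    )
}

demo
```

Against a real installation, run `audit_world_writable` on the directory the installer populated, and verify the binaries against a known-good copy before trusting them, since clearing the bit does not undo earlier modification.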


 
 


Copyright 2021, SecurityGlobal.net LLC