[24548] in bugtraq
Re: RealPlayer bug
daemon@ATHENA.MIT.EDU (bugtraq42@myrealbox.com)
Tue Mar 5 17:23:38 2002
Date: Mon, 4 Mar 2002 22:46:39 -0800
From: bugtraq42@myrealbox.com
To: bugtraq@securityfocus.com
Message-ID: <20020305064639.GA1332@localhost.localdomain>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20020303221710.A11329@mhil.net>
On Sun, Mar 03, 2002 at 10:17:10PM +0100, Michiel Heijkoop wrote:
> Hey,
>
> On Sat, Mar 02, 2002 at 09:16:53PM +0300, §ome1 wrote:
> > http://127.0.0.1:1275/template.html?src=file://C:/music/file.ram
> > from now realplay.exe will listen on port 1275 TCP
> As the URL indicates, it's well possible that the webserver only listens to 127.0.0.1, which wouldn't make it a large security risk, unless its ran on an NT-machine under an admin-account and accessed by a regular user, which could then have read-access to files, he/she shouldn't have it to. Perhaps someone with Realplayer installed can check wether this miniserver is binding to all interfaces, or just the loopback?
>
Not just NT, this bug is present on the linux version as well
(8.0-1). A quick check with this version reveals that it listens ONLY
on the loopback (127.0.0.1) interface. Still, this could be a serious
risk to multi-user systems.
