Bugtraq mailing list archives
Re: RealPlayer bug
From: bugtraq42 () myrealbox com
Date: Mon, 4 Mar 2002 22:46:39 -0800
On Sun, Mar 03, 2002 at 10:17:10PM +0100, Michiel Heijkoop wrote:
> Hey,
>
> On Sat, Mar 02, 2002 at 09:16:53PM +0300, §ome1 wrote:
> > http://127.0.0.1:1275/template.html?src=file://C:/music/file.ram
> > from now realplay.exe will listen on port 1275 TCP
>
> As the URL indicates, it's well possible that the webserver only listens to 127.0.0.1, which wouldn't make it a large security risk, unless it's run on an NT machine under an admin account and accessed by a regular user, who could then have read access to files he/she shouldn't have access to. Perhaps someone with RealPlayer installed can check whether this miniserver is binding to all interfaces, or just the loopback?
Not just NT, this bug is present on the Linux version as well (8.0-1). A quick check with this version reveals that it listens ONLY on the loopback (127.0.0.1) interface. Still, this could be a serious risk to multi-user systems.
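The bind-scope check discussed in this thread, as an added example that is not part of the original posts: it parses text in Linux /proc/net/tcp layout and reports whether a given port is listening on loopback only or on all interfaces. The sample table is constructed, the function names are hypothetical, and the decoder assumes IPv4 on a little-endian host.

```python
import socket
import struct

LISTEN = "0A"  # TCP_LISTEN state code in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# a listener on 127.0.0.1:1275, a listener on 0.0.0.0:8080, one established socket.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:04FB 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11111 1 0000000000000000 100 0 0 10 0
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0100007F:04FB 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 33333 1 0000000000000000 20 4 30 10 -1
"""


def listeners(proc_net_tcp_text):
    """Yield (ip, port) for every IPv4 socket in LISTEN state."""
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        # Assumption: little-endian host (x86), so the address bytes are swapped.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        yield ip, int(port_hex, 16)


def bind_scope(proc_net_tcp_text, port):
    """Classify how `port` is exposed on this host."""
    ips = {ip for ip, p in listeners(proc_net_tcp_text) if p == port}
    if not ips:
        return "not listening"
    if "0.0.0.0" in ips:
        return "all interfaces"
    if all(ip.startswith("127.") for ip in ips):
        return "loopback only"
    return "specific address(es): " + ", ".join(sorted(ips))


if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    for port in (1275, 8080, 22):
        print(port, bind_scope(SAMPLE, port))
```

A "loopback only" result rules out remote connections but not other local accounts, which is the multi-user concern raised in the reply above.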