[Gllug] RealNetworks Plugin Vulnerability
Mike Brodbelt
mike at coruscant.demon.co.uk
Fri Nov 18 23:32:54 UTC 2005
On Thu, 2005-11-17 at 21:53 +0100, Martin A. Brooks wrote:
> Henry Gilbert wrote:
> > A plugin vulnerability has been found on HelixPlayer and RealPlayer.
> > Which allows an intruder to execute command on a host system.
> > Rebooting Remote Desktops for kicks is not uncommon.
> > Urgent Update is recommended.
>
> It was announced at the end of September. Timeliness is important when
> dealing with security issues.
>
> Where does this leave your "desktop linux is secure" theory, then?
Surely any account that Real/Helix is running under shouldn't have
permission to reboot the system? If it's possible to exploit a
vulnerability in the RealPlayer plugin and cause a system reboot,
there's a security hole in more than just the player...
Mike
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list