Home page logo

bugtraq logo Bugtraq mailing list archives

Re: RealPlayer bug
From: Jenny Holmberg <jch () algo net>
Date: 05 Mar 2002 08:13:31 +0100

Michiel Heijkoop <myself () mhil net> writes:

As the URL indicates, it's well possible that the webserver only
listens to, which wouldn't make it a large security risk,
unless its ran on an NT-machine under an admin-account and accessed
by a regular user, which could then have read-access to files,
he/she shouldn't have it to. Perhaps someone with Realplayer
installed can check wether this miniserver is binding to all
interfaces, or just the loopback?

On my WinME box, RealPlayer binds only to the loopback interface. Also
it chooses different ports each time, which (depending, of course, on
how the port numbers are chosen) would presumably make it somewhat
harder to exploit.

"I live in the heart of the machine. We are one." 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]