Vulnerability

    Real Media Server

Affected

    Linux, NT (others?)

Description

    Francisco  M.  Marzoa  Alonso  found  following.   Take  a look at
    following:

        fmmarzoa@alexander:/usr/local/rserver/Bin > rmserver -version
        Creating Server Space...
        Starting RealServer 6.0 Core...
        RealServer (c) 1995-1998 RealNetworks, Inc. All rights reserved.
        Version:        6.0.3.353
        Platform: linux2

    The  fact  is  that  through  installation  process  it  ask for a
    password that itsn't hide neither when you write it, but worse  is
    that     this     password     is     stored     in     the   file
    /usr/local/rmserver/rmserver.cfg  in  plain  format  and this file
    have as default a 644 permision mask.

    This also affects Version  6.0.3.303 of RealAudio Basic  Server on
    Win NT, File Persmission is set  to full access by everyone.   The
    G2  web  admin  facility  uses  forms to change/set passwords etc.
    (Some of)  these changes  are logged,  in plaintext,  in the world
    readable access logs for your lusers' reading pleasure...   Here's
    a snippit:

          10.1.1.1 - - [14/Mar/1999:11:23:32 +0000]  "GET
        admin/auth.adduser.html?respage%3Dadduser_respage.ht
        ml%26name%3Devilhaxor%26pass%3Dfreekevin%26realm%3DbadwURLd HTTP/1.0"
        200 2452 [UNKNOWN] [UNKNOWN] [UNKNOWN] 0 0 0 0 0 114

Solution

    Change permissions of the file.