exploit the possibilities

Steam 2.10.91.91 Weak File Permissions Privilege Escalation

Steam 2.10.91.91 Weak File Permissions Privilege Escalation
Posted Nov 23, 2015
Authored by Andrew J. Smith

A privilege escalation vulnerability has been identified in that the Steam Microsoft Windows client software is installed with weak default permissions. These permissions grant read and write access to the Windows Users group for the install folder. This includes Steam.exe which is launched upon user login. Version 2.10.91.91 is confirmed vulnerable.

tags | advisory
systems | windows
advisories | CVE-2015-7985
MD5 | 8901bf2b0c7dbfd4245530ccdd21f9ed

Steam 2.10.91.91 Weak File Permissions Privilege Escalation

Change Mirror Download
Steam Weak File Permissions Privilege Escalation

Vendor Website : http://store.steampowered.com/

INDEX
---------------------------------------

1. CVE
2. Background
3. Description
4. Impact
5. Affected Products
6. Solution
7. Credit
8. Disclosure Timeline


1. CVE
---------------------------------------
CVE: 2015-7985


2. BACKGROUND
---------------------------------------
Valve is the creator of Steam, the pioneering game platform that distributes and manages thousands of games directly to a community of more than 65 million players around the world.


3. DESCRIPTION
---------------------------------------

A privilege escalation vulnerability has been identified in that the Steam Microsoft Windows client software is installed with weak default permissions. These permissions grant read and write access to the Windows Users group for the install folder. This includes Steam.exe which is launched upon user login.


4. IMPACT
---------------------------------------
A low privileged user could modify the steam.exe binary and obtain code execution with elevated privileges upon an administrator login or execution of steam.exe


5. AFFECTED PRODUCTS
---------------------------------------
Only the following versions have been confirmed vulnerable:

Steam 2.10.91.91


6. SOLUTION
---------------------------------------
A workaround for the steam install folder includes removing write privileges from the Windows Users group. Additionally the vendor has provided security resources here: https://support.steampowered.com/kb_article.php?ref=1266-OAFV-8478


7. CREDIT
---------------------------------------
The vulnerability was discovered by Andrew Smith of Sword & Shield Enterprise Security.


8. DISCLOSURE TIMELINE
---------------------------------------
10-20-2015 - Vulnerability Discovered
10-26-2015 - Vendor Informed
10-26-2015 - Vendor Confirmed Receipt of Report
10-27-2015 - CVE Requested
10-28-2015 - Vendor Confirmed Public Disclosure
11-12-2015 - Public Disclosure

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    2 Files
  • 23
    Feb 23rd
    2 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    37 Files
  • 26
    Feb 26th
    15 Files
  • 27
    Feb 27th
    15 Files
  • 28
    Feb 28th
    4 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close