TITLE:
Sony SunnComm MediaMax DRM Software Insecure Directory Permissions

SECUNIA ADVISORY ID:
SA17933

VERIFY ADVISORY:
http://secunia.com/advisories/17933/

CRITICAL:
Less critical

IMPACT:
Manipulation of data, Privilege escalation

WHERE:
Local system

SOFTWARE:
SunnComm MediaMax 5.x
http://secunia.com/product/6385/

DESCRIPTION:
Jesse Burns and Alex Stamos have reported a security issue in SunnComm MediaMax, which can be exploited by malicious, local users to gain escalated privileges.

The security issue is caused by insecure default ACLs on the "SunnComm Shared" directory, which grant "Everyone" full access to the directory. A non-administrative user can therefore modify the installed files and potentially gain escalated privileges, e.g. by replacing the MMX.exe program with a malicious program. MMX.exe is executed automatically, in the context of the logged-on user, when another user inserts a MediaMax protected CD.

Correcting the directory ACL manually is reportedly not effective, as the insecure permissions are restored the next time a MediaMax protected CD is played.

The security issue has been reported in version 5.0.21.0. Prior versions may also be affected.

SOLUTION:
Update to the fixed version.
http://sonybmg.com/mediamax/

Refer to Sony's advisory for the list of CD titles that include the MediaMax software.

PROVIDED AND/OR DISCOVERED BY:
Jesse Burns and Alex Stamos, iSEC Partners.

ORIGINAL ADVISORY:
Sony:
http://sonybmg.com/mediamax/
http://www.sonybmg.com/mediamax/titles.html

EFF:
http://www.eff.org/news/archives/2005_12.php#004234

iSEC Partners:
http://www.eff.org/IP/DRM/Sony-BMG/MediaMaxVulnerabilityReport.pdf

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

----------------------------------------------------------------------
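The DESCRIPTION section above describes the vulnerable state: a shared program directory whose ACL grants "Everyone" rights sufficient to replace an executable that another user will later run. The following PowerShell function is an added example, not part of the Secunia advisory or of the MediaMax software. It lists every "Allow" ACE on a directory (and, with -Recurse, on the files inside it, such as MMX.exe) that gives a broad principal write-capable rights. The location under the common program files folder is an assumption: the advisory names the "SunnComm Shared" directory but not where the installer places it, and the principal list is a reasonable default rather than anything the advisory specifies.

```powershell
# Added example, not from the Secunia advisory or from MediaMax.
# Lists "Allow" ACEs on a directory (and, with -Recurse, its contents) that
# grant broad principals such as Everyone rights sufficient to add, delete or
# overwrite files there, i.e. the condition the advisory describes.
function Get-BroadWriteAccess {
    param(
        [Parameter(Mandatory)][string]$Path,
        [switch]$Recurse,
        # Principals that should never hold write rights on a shared program
        # directory. Default list is an assumption, not from the advisory.
        [string[]]$BroadPrincipals = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')
    )
    $fsr = [System.Security.AccessControl.FileSystemRights]
    # Any one of these lets a non-admin drop a new file, delete/overwrite an
    # existing one, or loosen the ACL further. FullControl and Modify include them.
    $writeMask = $fsr::CreateFiles -bor $fsr::CreateDirectories -bor $fsr::Delete -bor
                 $fsr::DeleteSubdirectoriesAndFiles -bor $fsr::ChangePermissions -bor $fsr::TakeOwnership

    $targets = @(Get-Item -LiteralPath $Path)
    if ($Recurse) { $targets += Get-ChildItem -LiteralPath $Path -Recurse -Force }

    foreach ($item in $targets) {
        $acl = Get-Acl -LiteralPath $item.FullName
        foreach ($ace in $acl.Access) {
            # Deny entries and entries for specific accounts are not the problem here.
            if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
            if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
            # Generic rights can appear as large or negative values; compare as int64.
            if (([int64]$ace.FileSystemRights -band [int64]$writeMask) -eq 0) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Usage. The path is an assumption: the advisory names "SunnComm Shared" but
# not its location. Re-run this after a MediaMax CD has been played, because
# the advisory reports that the permissive ACL is reapplied at that point, so
# a one-time manual fix will show clean and then regress.
$suspectDir = Join-Path $env:CommonProgramFiles 'SunnComm Shared'
Get-BroadWriteAccess -Path $suspectDir -Recurse | Format-Table -AutoSize
```

An empty result means no broad principal holds write rights on the directory or its files; any row is a candidate for the file-replacement attack the advisory describes. Because the advisory states that the insecure permissions are restored when a protected CD is played, the useful check is not a single run but a re-run after CD playback, to confirm that the vendor update (rather than a manual ACL change) actually closed the issue.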