Zero Science Lab » BitRaider Streaming Client 1.3.3.4098 Local Privilege Escalation Vulnerability

BitRaider Streaming Client 1.3.3.4098 Local Privilege Escalation Vulnerability

Title: BitRaider Streaming Client 1.3.3.4098 Local Privilege Escalation Vulnerability
Advisory ID: ZSL-2014-5217
Type: Local
Impact: Privilege Escalation
Risk: (3/5)
Release Date: 23.12.2014

Summary

BitRaider is a video game streaming and download service.

Description

BitRaider contains a flaw that leads to unauthorized privileges being gained. The issue is due to the program granting improper permissions with the 'F' flag for the 'Users' group, which makes the entire 'BitRaider' directory and its sub directories and files world-writable. This may allow a local attacker to change an executable file with a binary file and gain elevated privileges.

Vendor

BitRaider, LLC - http://www.bitraider.com

Affected Version

1.3.3.4098

Tested On

Microsoft Windows 7 Professional SP1 (EN)

Vendor Status

[17.12.2014] Vulnerability discovered.
[18.12.2014] Vendor contacted.
[22.12.2014] No reply from the vendor.
[23.12.2014] Public security advisory released.

PoC

bitraider_priv.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] http://www.swtor.com
[2] http://cxsecurity.com/issue/WLB-2014120163
[3] http://www.exploit-db.com/exploits/35590/
[4] http://packetstormsecurity.com/files/129703
[5] http://osvdb.org/show/osvdb/116244
[6] https://exchange.xforce.ibmcloud.com/#/vulnerabilities/99586

Changelog

[23.12.2014] - Initial release
[24.12.2014] - Added reference [5]
[13.03.2015] - Added reference [6]

Contact

Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk