Title: Wowza Streaming Engine 4.5.0 Local Privilege Escalation
Advisory ID: ZSL-2016-5339
Type: Local
Impact: Privilege Escalation
Risk: (3/5)
Release Date: 19.07.2016

Summary

Wowza Streaming Engine is robust, customizable, and scalable server software that powers reliable video and audio streaming to any device. Learn the benefits of using Wowza Streaming Engine to deliver high-quality live and on-demand video content to any device.

Description

Wowza Streaming Engine suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full) for 'Everyone' group. In combination with insecure file permissions the application suffers from an unquoted search path issue impacting the services 'WowzaStreamingEngine450' and 'WowzaStreamingEngineManager450' for Windows deployed as part of Wowza Streaming software.

Vendor

Wowza Media Systems, LLC. - https://www.wowza.com

Affected Version

Wowza Streaming Engine 4.5.0 (build 18676)
Wowza Streaming Engine Manager 4.5.0 (build 18676)

Tested On

Microsoft Windows 7 Ultimate SP1 (EN)
Java Version: 1.8.0_77
Java VM Version: 25.77-b03
Java Architecture: 64

Vendor Status

[03.07.2016] Vulnerability discovered.
[09.07.2016] Contact with the vendor.
[18.07.2016] No response from the vendor.
[19.07.2016] Public security advisory released.

PoC

wowza_lprivs.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] https://www.exploit-db.com/exploits/40132/
[2] https://packetstormsecurity.com/files/137971
[3] https://cxsecurity.com/issue/WLB-2016070155
[4] https://exchange.xforce.ibmcloud.com/vulnerabilities/115122

Changelog

[19.07.2016] - Initial release
[22.07.2016] - Added reference [1], [2] and [3]
[26.07.2016] - Added reference [4]

Contact

Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk