posted 12 December 2005 07:09 AM
profile
Some topics that should die refuse to do so, and this is no exception. I just read this today...New Sony DRM Patch Insecure
Just one day after jointly announcing a patch to correct a security
flaw in the SunnComm MediaMax copy protection included on 27 CDs, Sony BMG and the Electronic Frontier Foundation are urging users not to install it. The update includes a vulnerability similar to the one it
attempted to fix.
SunnComm's MediaMax version 5 software does not properly protect a directory it installs, opening the door for a privilege escalation
attack. Thus, a restricted user account could replace the executables within the MediaMax directory with malicious code, which would then be executed by an administrator upon inserting a CD.
Sony said it would notify customers of the SunnComm problem through an advertising banner within the MediaMax software, and via an online ad campaign. It also began distributing an update on the Sony BMG Web
site and to security vendors.
But despite claims that "independent software security firm NGS Software have determined that the security vulnerability is fully
addressed by the update," Princeton researcher Alex Halderman has
found otherwise.
"It turns out that there is a way an adversary can booby-trap the MediaMax files so that hostile software is run automatically when you install and run the MediaMax patch," Princeton professor Edward Felten
explained. "The previously released MediaMax uninstaller is also insecure in the same way."
Halderman and Felten also discovered that even if a user declines the MediaMax license agreement, the vulnerable software is still installed on their computer. However, those users will not see the advertising banner Sony is using to notify customers.
"The consequences of this problem are just as bad as those of the XCP rootkit whose discovery by Mark Russinovich started SonyBMG's woes," added Felten. "This problem, like the rootkit, allows any program on
the system to launch a serious security attack that would normally be available only to fully trusted programs."
This isn't the first time Sony's fix for vulnerable DRM has done more harm than good. Last month, Felten reported that the Web based uninstaller for the XCP copy protection contained a security flaw that could enable malicious software to be automatically installed on a PC.
Sony has recalled all CDs with XCP due to the furor surrounding the software's rootkit, but much to the chagrin of security experts, it is not following suit with SunnComm.
"Every disc sitting on somebody's shelf, or in a record-store bin, is just waiting to install the vulnerable software on the next PC it is inserted into. The only sure way to address this risk is take the discs out of circulation," warns Felten. "The time has come for SonyBMG to recall all MediaMax CDs."
------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services[This message was edited by Wiz Feinberg on 12 December 2005 at 07:11 AM.]
The Steel Guitar Forum
posted 29 November 2005 07:54 AM
