Epic Games Fortnite version 4.2-CL-4072250 suffers from an insecure file permissions vulnerability.
53874ec8a31c983f1f18e22c35e62744i>>?
Epic Games Fortnite 4.2-CL-4072250 Insecure File Permissions
Vendor: Epic Games, Inc.
Product web page: https://www.epicgames.com
Affected version: 4.2-CL-4072250
4.1-CL-4053532
4.0-CL-4039451
Summary: Fortnite is a co-op sandbox survival game developed by Epic
Games and People Can Fly and published by Epic Games. The game was
released as a paid-for early access title for Microsoft Windows, macOS,
PlayStation 4 and Xbox One on July 25, 2017, with a full free-to-play
release expected in 2018. The retail versions of the game were published
by Gearbox Publishing, while online distribution of the PC versions is
handled by Epic's launcher.
Desc: Fortnite suffers from an elevation of privileges vulnerability which
can be used by a simple authenticated user that can change the executable
file with a binary of choice. The vulnerability exist due to the improper
permissions, with the 'C' flag (Change) for 'Authenticated Users' group.
Tested on: Microsoft Windows 10 Home
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2018-5469
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5469.php
10.04.2018
--
E:\Program Files\Epic Games\Fortnite\FortniteGame>dir /b Binaries\Win64\*.exe
FortniteClient-Win64-Shipping.exe
FortniteClient-Win64-Shipping_BE.exe
FortniteClient-Win64-Shipping_EAC.exe
FortniteLauncher.exe
E:\Program Files\Epic Games\Fortnite\FortniteGame>cacls Binaries
E:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries BUILTIN\Administrators:F
BUILTIN\Administrators:(OI)(CI)(IO)F
NT AUTHORITY\SYSTEM:F
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
NT AUTHORITY\Authenticated Users:C
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)C
BUILTIN\Users:R
BUILTIN\Users:(OI)(CI)(IO)(special access:)
GENERIC_READ
GENERIC_EXECUTE