Epic Games Fortnite 4.2-CL-4072250 Insecure File Permissions
Vendor: Epic Games, Inc.
Product web page: https://www.epicgames.com
Affected version: 4.2-CL-4072250
Summary: Fortnite is a co-op sandbox survival game developed by Epic
Games and People Can Fly and published by Epic Games. The game was
released as a paid-for early access title for Microsoft Windows, macOS,
PlayStation 4 and Xbox One on July 25, 2017, with a full free-to-play
release expected in 2018. The retail versions of the game were published
by Gearbox Publishing, while online distribution of the PC versions is
handled by Epic's launcher.
Desc: Fortnite suffers from an elevation of privileges vulnerability which
can be used by a simple authenticated user that can change the executable
file with a binary of choice. The vulnerability exist due to the improper
permissions, with the 'C' flag (Change) for 'Authenticated Users' group.
Tested on: Microsoft Windows 10 Home
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
Advisory ID: ZSL-2018-5469
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5469.php
E:\Program Files\Epic Games\Fortnite\FortniteGame>dir /b Binaries\Win64\*.exe
E:\Program Files\Epic Games\Fortnite\FortniteGame>cacls Binaries
E:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries BUILTIN\Administrators:F
NT AUTHORITY\Authenticated Users:C
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)C