SecurityTracker.com
Category:   Application (Multimedia)  >   RealServer
Vendors:   RealNetworks
RealServer Buffer Overflow in Processing RTSP URLs Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1006222
SecurityTracker URL:  http://securitytracker.com/id/1006222
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 5 2003
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 8.0.1 and prior versions
Description:   A buffer overflow vulnerability was reported in RealServer. A remote user could cause arbitrary code to be executed.

The flaw reportedly exists in the URL handling of RTSP methods. No further details on the nature of the flaw were reported.

RealNetworks indicates that Windows NT/2000/XP platforms are known to be affected, but other operating systems may also be affected.

According to the report, this flaw does not affect RealServer 8.02 or later, including the Helix Universal Server.

Impact:   A remote user could execute arbitrary code on the server with the privileges of the RealServer process.
Solution:   The vendor has released a fixed version (8.02) and recommends that customers upgrade to that version or to Helix Universal Server 9.01 (9.0.2.794).

Platform support details are available at:

http://www.realnetworks.com/resources/contentdelivery/server/recommended_platforms.html

Vendor URL:  www.service.real.com/help/faq/security/bufferoverrun030303.html
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (FreeBSD), UNIX (Open UNIX-SCO), UNIX (SGI/IRIX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000), Windows (XP)
Underlying OS Comments:  Confirmed on Windows, others may be affected

Message History:   None.


 Source Message Contents

Subject:  Potential Buffer Overrun Vulnerabilities in Helix Universal Server 8.01


http://www.service.real.com/help/faq/security/bufferoverrun030303.html

RealNetworks reported that there is a vulnerability in RealServer versions 8.0.1 and earlier. A
remote user could cause arbitrary code to be executed.  RealNetworks indicates that Windows
NT/2000/XP platforms are known to be affected, but other operating systems may also be affected.

The flaw reportedly exists in the URL handling of RTSP methods.  According to the report, this flaw
does not affect RealServer 8.02 or later, including the Helix Universal Server. 

The vendor recommends that customers upgrade to RealServer version 8.02 or later or Helix Universal
Server 9.01 (9.0.2.794).

Platform support details are available at: 

http://www.realnetworks.com/resources/contentdelivery/server/recommended_platforms.html


 
 

