[NEWS] RealNetworks Helix Server 9 Administration Server Buffer Overflow

From: SecuriTeam (support_at_securiteam.com)
Date: 03/25/04

  • Next message: SecuriTeam: "[TOOL] EckBox - TEMPEST Software Package"
    To: list@securiteam.com
    Date: 25 Mar 2004 17:22:30 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      RealNetworks Helix Server 9 Administration Server Buffer Overflow
    ------------------------------------------------------------------------

    SUMMARY

    Several of Real Networks Helix Server products utilize a common
    Administration Interface that is available over HTTP and protected by HTTP
    Basic Authentication.

    An authenticated attacker can submit malformed HTTP POST requests to the
    server's Administration interface, triggering a buffer overflow and
    executing arbitrary code on the server.

    On Windows platforms where the Helix Server is run as an NT Service, this
    allows arbitrary code execution under the context of the NT SYSTEM
    account.

    It should be noted that the Server does not have a default username and
    password - these are set during installation. In addition to this, the
    Server runs on a random TCP port, configured during installation.

    DETAILS

    Vulnerable Systems:
     * Helix Universal Mobile Server & Gateway 10, version 10.1.1.120 and
    prior
     * Helix Universal Server and Gateway 9, version 9.0.2.881 and prior

    Immune Systems:
     * RealSystem Server and Proxy version 8.x and earlier are not vulnerable

    Vendor Status:
    Real Networks:
    05-01-2004 - Initial Pentest Limited Notification
    06-01-2004 - Notification acknowledged by Real Networks
    08-01-2004 - Draft Advisory sent to Pentest Limited By Real Networks
    12-01-2004 - Initial Advisory published by Real Networks stating the
    impact as 'Denial of Service'
    26-02-2004 - Real Advisory updated to describe impact as 'potential root
    exploit'
    18-03-2004 - Pentest Limited Advisory released.

    Fix:
    Updated versions of Helix Universal Server and Gateway 9 are available
    from RealNetworks.

    Updated Administration System plug-ins are available.

    Further details are available in the RealNetworks advisory, available at:
    <http://service.real.com/help/faq/security/security022604.html>
    http://service.real.com/help/faq/security/security022604.html

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:alerts@pentest.co.uk>
    Pentest Security Alerts.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.


  • Next message: SecuriTeam: "[TOOL] EckBox - TEMPEST Software Package"

    Relevant Pages