[NEWS] RealNetworks Helix Server 9 Administration Server Buffer Overflow
From: SecuriTeam (support_at_securiteam.com)
To: email@example.com Date: 25 Mar 2004 17:22:30 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
- - - - - - - - -
RealNetworks Helix Server 9 Administration Server Buffer Overflow
Several of Real Networks Helix Server products utilize a common
Administration Interface that is available over HTTP and protected by HTTP
An authenticated attacker can submit malformed HTTP POST requests to the
server's Administration interface, triggering a buffer overflow and
executing arbitrary code on the server.
On Windows platforms where the Helix Server is run as an NT Service, this
allows arbitrary code execution under the context of the NT SYSTEM
It should be noted that the Server does not have a default username and
password - these are set during installation. In addition to this, the
Server runs on a random TCP port, configured during installation.
* Helix Universal Mobile Server & Gateway 10, version 10.1.1.120 and
* Helix Universal Server and Gateway 9, version 126.96.36.1991 and prior
* RealSystem Server and Proxy version 8.x and earlier are not vulnerable
05-01-2004 - Initial Pentest Limited Notification
06-01-2004 - Notification acknowledged by Real Networks
08-01-2004 - Draft Advisory sent to Pentest Limited By Real Networks
12-01-2004 - Initial Advisory published by Real Networks stating the
impact as 'Denial of Service'
26-02-2004 - Real Advisory updated to describe impact as 'potential root
18-03-2004 - Pentest Limited Advisory released.
Updated versions of Helix Universal Server and Gateway 9 are available
Updated Administration System plug-ins are available.
Further details are available in the RealNetworks advisory, available at:
The information has been provided by <mailto:firstname.lastname@example.org>
Pentest Security Alerts.
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: email@example.com
In order to subscribe to the mailing list, simply forward this email to: firstname.lastname@example.org
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.