[NEWS] RealNetworks Helix Server 9 Administration Server Buffer Overflow
From: SecuriTeam (support_at_securiteam.com)
Date: 03/25/04
- Previous message: SecuriTeam: "[NT] WS_FTP Program Execution with SYSTEM Privileges (Exploit)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 25 Mar 2004 17:22:30 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
RealNetworks Helix Server 9 Administration Server Buffer Overflow
------------------------------------------------------------------------
SUMMARY
Several of Real Networks Helix Server products utilize a common
Administration Interface that is available over HTTP and protected by HTTP
Basic Authentication.
An authenticated attacker can submit malformed HTTP POST requests to the
server's Administration interface, triggering a buffer overflow and
executing arbitrary code on the server.
On Windows platforms where the Helix Server is run as an NT Service, this
allows arbitrary code execution under the context of the NT SYSTEM
account.
It should be noted that the Server does not have a default username and
password - these are set during installation. In addition to this, the
Server runs on a random TCP port, configured during installation.
DETAILS
Vulnerable Systems:
* Helix Universal Mobile Server & Gateway 10, version 10.1.1.120 and
prior
* Helix Universal Server and Gateway 9, version 9.0.2.881 and prior
Immune Systems:
* RealSystem Server and Proxy version 8.x and earlier are not vulnerable
Vendor Status:
Real Networks:
05-01-2004 - Initial Pentest Limited Notification
06-01-2004 - Notification acknowledged by Real Networks
08-01-2004 - Draft Advisory sent to Pentest Limited By Real Networks
12-01-2004 - Initial Advisory published by Real Networks stating the
impact as 'Denial of Service'
26-02-2004 - Real Advisory updated to describe impact as 'potential root
exploit'
18-03-2004 - Pentest Limited Advisory released.
Fix:
Updated versions of Helix Universal Server and Gateway 9 are available
from RealNetworks.
Updated Administration System plug-ins are available.
Further details are available in the RealNetworks advisory, available at:
<http://service.real.com/help/faq/security/security022604.html>
http://service.real.com/help/faq/security/security022604.html
ADDITIONAL INFORMATION
The information has been provided by <mailto:alerts@pentest.co.uk>
Pentest Security Alerts.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[NT] WS_FTP Program Execution with SYSTEM Privileges (Exploit)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
