| VID |
23055 |
| Severity |
40 |
| Port |
554 |
| Protocol |
TCP |
| Class |
RTSP |
| Detailed Description |
The Helix Universal Server has a buffer overflow vulnerability in its RTSP protocol parser. RealNetworks' Helix Universal Server is a streaming audio server that supports all major media file formats. Helix Universal Server versions 9 and earlier could allow a remote attacker to execute arbitrary code on the server with root privileges, caused by a vulnerability in the "View Source" plug-in. The vulnerability arises when certain types of character strings appear in large numbers within URLs destined for the Server's protocol parsers.
* Note: This check relies solely on the version number of the remote Helix Server to assess this vulnerability, so the finding might be a false positive.
* References:
  * http://www.kb.cert.org/vuls/id/934932
  * http://www.ciac.org/ciac/bulletins/n-152.shtml
  * http://service.real.com/help/faq/security/bufferoverrun030303.html
  * http://www.service.real.com/help/faq/security/rootexploit091103.html
  * http://www.service.real.com/help/faq/security/rootexploit082203.html
* Platforms Affected:
  * RealNetworks, Inc. Helix Universal Server 9.0 and earlier
  * Microsoft Windows: any version
  * Various Unix: any version |
| Recommendation |
Upgrade to the latest version of Helix Universal Server (9.0.2.802 or later), available from the RealNetworks Customer Support Web site at http://www.service.real.com/help/faq/security/rootexploit091103.html
As a workaround, remove the "View Source" plug-in from the /Plugins directory. The plug-in has one of the following filenames, depending on platform: vsrcplin.so (UNIX) or vsrcplin.dll (Windows).
The server should then be restarted. With the plug-in removed, the Content Browsing feature will be disabled. |
| Related URL |
CVE-2003-0725 (CVE) |
| Related URL |
8476 (SecurityFocus) |
| Related URL |
13004 (ISS) |
|