| Field | Value |
|---|---|
| VID | 23183 |
| Severity | 40 |
| Port | 554 |
| Protocol | TCP |
| Class | RTSP |

Detailed Description

According to its reported version number, the remote Helix Server is affected by a heap-based buffer overflow in its handling of the 'LoadTestPassword' field. Helix DNA Server (also called Helix Server) is a media streaming server. Helix Server, Helix Mobile Server and Helix DNA Server versions prior to 11.1.3 are vulnerable to a heap-based buffer overflow triggered by a DESCRIBE request that contains an invalid LoadTestPassword field. By sending such a DESCRIBE request, a remote attacker could crash the affected application or execute arbitrary code on the system with root privileges.

* Note: This check relies solely on the version number reported by the remote Helix Server to assess this vulnerability, so it may be a false positive.
* References:
  * http://docs.real.com/docs/security/SecurityUpdate032107Server.pdf
  * http://lists.helixcommunity.org/pipermail/server-cvs/2007-January/003783.html
  * http://www.securityfocus.com/archive/1/463333/30/0/threaded
  * http://web.archive.org/web/20060502082622/www.gleg.net/vulndisco_pack_professional.shtml
* Platforms Affected:
  * RealNetworks, Inc., Helix DNA Server 11.0
  * RealNetworks, Inc., Helix DNA Server 11.1
  * Any operating system, any version

Recommendation

Upgrade to the latest version of Helix Server / Helix DNA Server (11.1.3 or later), available from the Helix Community Web site at https://helix-server.helixcommunity.org/

| Related URL | Source |
|---|---|
| CVE-2006-6026 | CVE |
| 21141, 23068 | SecurityFocus |
| 31524 | ISS |