VID | 23200 |
Severity | 40 |
Port | 554 |
Protocol | TCP |
Class | RTSP |
Detailed Description |
According to its version number, the remote Helix Server has a buffer overflow vulnerability in its handling of the 'Require' header. Helix DNA Server or Helix Server is a media streaming server. Helix Server, Helix Mobile Server and Helix DNA Server versions prior to 11.1.4 are vulnerable to a heap-based buffer overflow triggered by a Real Time Streaming Protocol (RTSP) command with multiple 'Require' headers. By sending a specially crafted RTSP request with multiple malicious 'Require' headers, a remote attacker could crash the affected application or execute arbitrary code on the system with root privileges.
* Note: This check relies solely on the version number of the remote Helix Server to assess this vulnerability, so the result might be a false positive.
* References:
  http://labs.musecurity.com/2007/08/24/helix-dna-server-heap-corruption-vulnerability/
  http://labs.musecurity.com/wp-content/uploads/2007/08/mu-200708-01.txt
  http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0432.html
  http://www.frsirt.com/english/advisories/2007/2986
  http://securitytracker.com/alerts/2007/Aug/1018605.html
  http://secunia.com/advisories/26609
* Platforms Affected: RealNetworks, Inc., Helix DNA Server versions prior to 11.1.4; any operating system, any version |
Recommendation |
Upgrade to the latest version of Helix Server / Helix DNA Server (11.1.4 or later), available from the Helix Community Web site at https://helix-server.helixcommunity.org/ |
Related URL | CVE-2007-4561 (CVE) |
Related URL | 25440 (SecurityFocus) |
Related URL | 36309 (ISS) |