Peaches
Posted January 2, 2009

RealNetworks Helix Server Multiple Vulnerabilities

Secunia Advisory: SA33360
Release Date: 2008-12-30
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software:
Helix DNA Server 11.x
RealNetworks Helix Mobile Server 12.x
RealNetworks Helix Server 12.x

Description:
Some vulnerabilities have been reported in RealNetworks Helix Server, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

1) An unspecified error in the processing of RTSP DESCRIBE commands can be exploited to cause a heap-based buffer overflow. Successful exploitation allows execution of arbitrary code.

2) An unspecified error when parsing RTSP SETUP commands can be exploited to cause stack-based buffer overflow via three consequent, specially crafted requests to port 554 of an affected server.

3) An unspecified error in "DataConvertBuffer" can be exploited to cause a heap-based buffer overflow and allows execution of arbitrary code.

4) An unspecified error in the processing of Base64-encoded data in "NTLM Authentication" can be exploited to cause a heap-based buffer overflow and allows execution of arbitrary code.

The vulnerabilities have been reported in Helix Server version 11.x and 12.x and Helix Mobile Server Version 11.x and 12.x.

Solution:
Update to version 11.1.8 or version 12.0.1.

Provided and/or discovered by:
The vendor credits TippingPoint and Noam Rathaus.

Original Advisory:
RealNetworks: http://docs.real.com/docs/security/Securit...ate121508HS.pdf

Source: http://secunia.com/advisories/33360/