Title: Real Networks Helix Universal Server/RealServer RTSP URI Handling Buffer Overflow Vulnerabilities
Severity: CRITICAL
Description:
Helix Universal Server is a multi-format media server distributed and maintained by Real Networks. It is available for Unix, Linux, and Microsoft Windows platforms.
Real Networks has reported that buffer overflow vulnerabilities exist in Helix Universal Server/RealServer versions 8.01 and earlier. The cause is insufficient bounds checking of URIs by RTSP methods, which makes it possible for a remote attacker to corrupt sensitive regions of memory with supplied data.
Successful exploitation of these issues may result in execution of malicious instructions in the security context of the server process.
The issues were reported on Microsoft Windows platforms but may also affect other platforms.
Because the server listens on TCP port 554 on most Windows systems and is installed as a system service, exploitation of these vulnerabilities would yield SYSTEM privileges on a vulnerable host.
This issue may be related to previously reported issues (BID 6454, BID 6456 and BID 6458).
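The following C example is added here and is not Real Networks' code or part of the original advisory. It shows an RTSP request-line parser that checks the method and URI lengths against fixed destination buffers before copying, which is the kind of bounds check the description says was insufficient. The buffer limits, error codes and all names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Limits are assumptions for this example, not values from the advisory. */
#define RTSP_METHOD_MAX 16
#define RTSP_URI_MAX    1024

enum { RTSP_OK = 0, RTSP_ERR_MALFORMED = -1,
       RTSP_ERR_METHOD_TOO_LONG = -2, RTSP_ERR_URI_TOO_LONG = -3 };

struct rtsp_request {
    char method[RTSP_METHOD_MAX + 1];
    char uri[RTSP_URI_MAX + 1];
};

/* Parse "METHOD SP URI SP RTSP/x.y" from a length-delimited buffer.
 * Token lengths are checked against the destination sizes before any copy,
 * and an over-long token is rejected rather than silently truncated. */
int parse_rtsp_request_line(const char *line, size_t len, struct rtsp_request *out)
{
    if (line == NULL || out == NULL)
        return RTSP_ERR_MALFORMED;
    const char *end = line + len;
    const char *sp1 = memchr(line, ' ', len);
    if (sp1 == NULL)
        return RTSP_ERR_MALFORMED;
    const char *uri = sp1 + 1;
    const char *sp2 = memchr(uri, ' ', (size_t)(end - uri));
    if (sp2 == NULL)
        return RTSP_ERR_MALFORMED;

    size_t mlen = (size_t)(sp1 - line);
    size_t ulen = (size_t)(sp2 - uri);
    if (mlen == 0 || ulen == 0)
        return RTSP_ERR_MALFORMED;
    if (mlen > RTSP_METHOD_MAX)
        return RTSP_ERR_METHOD_TOO_LONG;
    if (ulen > RTSP_URI_MAX)
        return RTSP_ERR_URI_TOO_LONG;
    /* Embedded NULs would make later string handling see a different URI. */
    if (memchr(line, '\0', (size_t)(sp2 - line)) != NULL)
        return RTSP_ERR_MALFORMED;
    /* Require at least "RTSP/" after the second space. */
    if ((size_t)(end - sp2) < 6 || memcmp(sp2 + 1, "RTSP/", 5) != 0)
        return RTSP_ERR_MALFORMED;

    memcpy(out->method, line, mlen);
    out->method[mlen] = '\0';
    memcpy(out->uri, uri, ulen);
    out->uri[ulen] = '\0';
    return RTSP_OK;
}
```

A caller should treat any non-zero result as a reason to reject the request and log the source, since a URI that exceeds the limit is never copied into `out`.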
Affected Products:
- Real Networks Helix Universal Server 8.0.01
- Real Networks Real Server 5.0.0
- Real Networks Real Server 7.0.0
- Real Networks Real Server 7.0.1
- Real Networks Real Server 7.0.2
- Real Networks Real Server 8.0.0
- Real Networks Real Server 8.0.01
- Real Networks Real Server 8.0.0Beta