RTSP: Real Server Transport Overflow
This signature detects attempts to exploit a known vulnerability against Real Networks Real Server running on port 554. Windows and Linux versions of Real Server are vulnerable. Attackers can send an abnormally long RTSP TRANSPORT request to cause a server overflow and possibly execute arbitrary code.
Extended Description
Helix Universal Server is a multiple type media server distributed and maintained by RealNetworks. It is available for Unix, Linux, and Microsoft Windows platforms. A buffer overflow has been reported in the Helix Universal Server. Due to insufficient bounds checking on the 'describe' field of a RTSP request, it is possible for a user to exploit a boundry condition error. This could lead to the remote execution of arbitrary code with the privileges of the Helix Universal Server process.
Affected Products
Real_networks helix_universal_server
Short Name
RTSP:OVERFLOW:TRANSPORT-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
RTSP
Keywords
CVE-2002-1643 Overflow Real Server Transport bid:6456
Release Date
10/30/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Real_networks
CVSS Score
7.5