RTSP: RealServer SETUP Command Buffer Overflow (2)

This signature detects attempts to exploit a known vulnerability against the RealServer daemon running on Microsoft Windows XP. RealNetworks RealServer versions 8.0.2 and earlier are vulnerable. Attackers can send a SETUP command to the RealServer daemon and overflow the buffer to gain administrator access to the server.

Extended Description

RealNetworks has reported that buffer overflow vulnerabilities exist in Helix Universal Server/RealServer versions 8.01 and earlier. This is due to insufficient bounds checking of URIs by RTSP methods. Successful exploitation of these issues may result in execution of malicious instructions in the security context of the server process. The issues were reported on Microsoft Windows platforms but also may also affect other platforms. This issue may be related to previously reported issues (BID 6454, BID 6456 and BID 6458).

Affected Products

Real_networks real_server

References

BugTraq: 7020

URL: http://www.service.real.com/help/faq/security/bufferoverrun030303.html http://www3.ca.com/securityadvisor/vulninfo/Vuln.aspx?ID=7168 http://www.securiteam.com/exploits/5JP0B1F96W.html

Short Name

RTSP:REALSERVER:REAL-SETUP-OF2

Severity

Critical

Recommended

False

Recommended Action

Drop

RTSP: RealServer SETUP Command Buffer Overflow (2)

Extended Description

Affected Products

References

Found a potential security threat?