AgentX++ 'AgentX::receive_agentx()' Remote Code Execution Vulnerability
BID:39561
Info
AgentX++ 'AgentX::receive_agentx()' Remote Code Execution Vulnerability
| Bugtraq ID: | 39561 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2010-1319 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 16 2010 12:00AM |
| Updated: | Apr 16 2010 12:00AM |
| Credit: | Joshua J. Drake of iDefense Labs |
| Vulnerable: |
RealNetworks Helix Server 13.0 RealNetworks Helix Server 12.0.1 .215 RealNetworks Helix Server 12.0.1 RealNetworks Helix Server 12.0 RealNetworks Helix Server 11.1.8 RealNetworks Helix Server 11.1.7 RealNetworks Helix Server 11.1.6 RealNetworks Helix Server 11.1.4 RealNetworks Helix Server 11.1.2 RealNetworks Helix Mobile Server 13.0 RealNetworks Helix Mobile Server 12.0.1 .215 RealNetworks Helix Mobile Server 12.0.1 RealNetworks Helix Mobile Server 12.0 RealNetworks Helix Mobile Server 11.1.8 RealNetworks Helix Mobile Server 11.1.7 RealNetworks Helix Mobile Server 11.1.6 RealNetworks Helix Mobile Server 11.1.4 RealNetworks Helix Mobile Server 11.1.2 Frank Fock AgentX++ 1.4.16 Frank Fock AgentX++ 1.4 |
| Not Vulnerable: |
RealNetworks Helix Server 14.0 RealNetworks Helix Mobile Server 14.0 |
Discussion
AgentX++ 'AgentX::receive_agentx()' Remote Code Execution Vulnerability
AgentX++ is prone to a remote code-execution vulnerability.
Exploiting this issue can let attackers execute arbitrary code within the context of the user running the AgentX master process; in some cases, the superuser may be the owner of the process. Failed attempts may cause the application to crash, denying service to legitimate users.
AgentX++ 1.4.16 is vulnerable; other versions may also be affected. In addition, these issues affect versions prior to Helix Server and Helix Mobile Server 14.0.
NOTE: This issue was previously covered in BID 39490 (RealNetworks Helix and Helix Mobile Server Multiple Remote Code Execution Vulnerabilities) but has been given its own record to better document it.
AgentX++ is prone to a remote code-execution vulnerability.
Exploiting this issue can let attackers execute arbitrary code within the context of the user running the AgentX master process; in some cases, the superuser may be the owner of the process. Failed attempts may cause the application to crash, denying service to legitimate users.
AgentX++ 1.4.16 is vulnerable; other versions may also be affected. In addition, these issues affect versions prior to Helix Server and Helix Mobile Server 14.0.
NOTE: This issue was previously covered in BID 39490 (RealNetworks Helix and Helix Mobile Server Multiple Remote Code Execution Vulnerabilities) but has been given its own record to better document it.
Exploit / POC
AgentX++ 'AgentX::receive_agentx()' Remote Code Execution Vulnerability
Currently we are not aware of any exploits. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
AgentX++ 'AgentX::receive_agentx()' Remote Code Execution Vulnerability
Solution:
Updates are available. RealNetworks released Helix Server and Helix Mobile Server 14.0 to address this issue. Please see the references for more information.
Solution:
Updates are available. RealNetworks released Helix Server and Helix Mobile Server 14.0 to address this issue. Please see the references for more information.
References
AgentX++ 'AgentX::receive_agentx()' Remote Code Execution Vulnerability
References:
References:
- AgentX++ Homepage (Frank Fock)
- Real Networks Helix Server Homepage (Real Networks)
- iDefense Security Advisory 04.15.10: Multiple Vendor AgentX++ Integer Overflow V (iDefense Labs
- Multiple Vendor AgentX++ Integer Overflow Vulnerability (iDefense Labs)
- RealNetworks is making available product upgrades that contain security bug fixe (Real Networks)