SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#934932

RealNetworks media server RTSP protocol parser buffer overflow

Overview

RealNetworks Helix Universal Server 9 media servers contain a buffer overflow in a RTSP protocol parser. Earlier versions of their media servers are also affected: RealSystem Server 7, 8, and RealServer G2.

I. Description

RealNetworks Helix Universal Server 9 media server is software which provides integrated distribution of various forms of digital content. Streaming media content can include files encoded in QuickTime and MPEG formats. Helix Universal Server 9 uses a dynamic, shared library plug-in architecture to extend its functionality and support such RTP-delivered formats. Two of the plug-ins installed by default can be used to exploit a heap-based buffer overflow in a RTSP protocol parser. They are View Source plug-ins vsrcplin.so on UNIX platforms (vsrcplin.so.9.0 for Helix Universal Server, vsrcplin.so.6.0 for RealSystem Server 7, 8, and RealServer G2) and vsrc3260.dll on Windows systems. RealNetworks has published a statement recommending these two plug-ins be removed from the Plugins sub-directory in order to prevent this vulnerability from being exploited.

Previous versions of the RealNetworks streaming media server, including RealSystem Server 7, 8, and RealServer G2, are also vulnerable. The RealNetworks Helix Universal Proxy is reported not to be vulnerable.

Exploit code has been published in public forums and used to exploit this vulnerability.

II. Impact

A remote attacker can either execute arbitrary code with privileges of the running service or cause it to crash.

III. Solution

The CERT/CC is currently unaware of a definitive patch for this problem.

Workarounds


RealNetworks has posted the following response to this issue:
http://www.service.real.com/help/faq/security/rootexploit082203.html

In summary, sites running vulnerable RealNetworks media servers should consider removing one of the following View Source plug-ins from the appropriate Plugins sub-directory: vsrcplin.so (vsrcplin.so.6.0 or vsrcplin.so.9.0) on UNIX platforms, vsrc3260.dll on Windows systems. Note the media server process must be restarted in order for this change to take affect. According to RealNetworks, this change will only disable the Content Browsing feature when implemented.

Affected sites could also block relevant RTSP service ports, which may include, but is not limited to, the following:

rtsp                    554/tcp                         # Real Time Stream Control Protocol
rtsp                    554/udp                         # Real Time Stream Control Protocol
arcp                    7070/tcp                        # ARCP [legacy RealServer port]
arcp                    7070/udp                        # ARCP [legacy RealServer port]
rtsp-alt                8554/tcp                        # RTSP Alternate (see port 554)
rtsp-alt                8554/udp                        # RTSP Alternate (see port 554)

Systems Affected
VendorStatusDate Updated
RealNetworksVulnerable29-Aug-2003

References


http://www.service.real.com/help/faq/security/rootexploit082203.html
http://www.securityfocus.com/bid/8476

Credit

This vulnerability is reported to have been discovered by Dave Aitel of Immunitysec.

This document was written by Jeffrey S Havrilla.

Other Information

Date Public08/15/2003
Date First Published08/29/2003 01:27:49 PM
Date Last Updated09/09/2003
CERT Advisory 
CVE Name 
US-CERT Technical Alerts 
Metric14.21
Document Revision16

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2003 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader