RealNetworks Information for VU#934932
RealNetworks media server RTSP protocol parser buffer overflow
- Vendor Information Help Date Notified:
- Statement Date:
- Date Updated: 29 Aug 2003
Please see the vendor statement for VU#934932 at:
The vendor has not provided us with any further information regarding this vulnerability.
Text of statement for VU#934932 follows:
[updated Wednesday, August 27, 2003]
|Server Exploit Vulnerability
Updated August 22, 2003
Helix Universal Server 9 and earlier versions (RealSystem Server 8, 7 and RealServer G2) are vulnerable to a root exploit when certain types of character strings appear in large numbers within URLs destined for the Server's protocol parsers. RealNetworks Proxy products are not vulnerable to this exploit.
RealNetworks considers the removal of the View Source Plug-in a work-around for this issue, we will be making a new version of the Helix Universal Server available to all current customers that resolves this problem and does not require system administrators to remove any shipping components post installation. Once the new version is available, RealNetworks will urge customer to upgrade.
We want to thank those who posted information about this problem on http://www.securityfocus.org/.