Signature Detail
Short Name |
HTTP:REAL-DESCBO |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
RealServer Describe Buffer Overflow |
Release Date |
2010/03/19 |
Update Number |
1635 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: RealServer Describe Buffer Overflow
This signature detects attempts to exploit a known vulnerability against RealServer. A successful attack allows attackers to execute remote code on a remote server.
Extended Description
Helix Universal Server is a multiple type media server distributed and maintained by RealNetworks. It is available for Unix, Linux, and Microsoft Windows platforms. A buffer overflow has been reported in the Helix Universal Server. Due to insufficient bounds checking on the 'describe' field of a RTSP request, it is possible for a user to exploit a boundry condition error. This could lead to the remote execution of arbitrary code with the privileges of the Helix Universal Server process.
Affected Products
- Real Networks Helix Universal Server 9.0.0
References
- BugTraq: 6456
- CVE: CVE-2002-1643