Juniper Networks

Signature Detail


Short Name: RTSP:OVERFLOW:TRANSPORT-OF
Severity: High
Recommended: No
Recommended Action: Drop
Category: RTSP
Keywords: Real Server Transport Overflow
Release Date: 2007/10/30
Update Number: 1213
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

RTSP: Real Server Transport Overflow


This signature detects attempts to exploit a known vulnerability in Real Networks Real Server running on port 554. Windows and Linux versions of Real Server are vulnerable. Attackers can send an abnormally long RTSP TRANSPORT request to cause a server overflow and possibly execute arbitrary code.

Extended Description

Helix Universal Server is a media server for multiple media types, distributed and maintained by RealNetworks. It is available for Unix, Linux, and Microsoft Windows platforms. A buffer overflow has been reported in the Helix Universal Server. Due to insufficient bounds checking on the 'describe' field of an RTSP request, it is possible for a user to exploit a boundary condition error. This could lead to the remote execution of arbitrary code with the privileges of the Helix Universal Server process.

Affected Products

  • Real Networks Helix Universal Server 9.0.0

References

  • BugTraq: 6456
  • CVE: CVE-2002-1643
  • URL: http://www.service.real.com/help/faq/security/bufferoverrun12192002.html
  • URL: http://www.securityfocus.com/archive/1/304203
  • URL: http://www.kb.cert.org/vuls/id/485057

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.