Bugtraq mailing list archives
Re: RealNetworks RealServer G2 buffer overflow. (fwd)
From: dspyrit () BEAVUH ORG (dark spyrit)
Date: Wed, 17 Nov 1999 15:44:50 +1300
---------- Forwarded message ---------- Date: Mon, 15 Nov 1999 15:37:55 -0800 From: Ryan Hill <ryan () tvw org> To: 'dark spyrit' <dspyrit () BEAVUH ORG> Cc: "'ntbugtraq () ntbugtraq com'" <ntbugtraq () ntbugtraq com> Subject: RE: RealNetworks RealServer G2 buffer overflow. Update: Since I did not see a resolution posted to the list, nor did I ever receive an annoucment or notice from RealNetworks of a released fix, I thought the list would appreciate the update for this particular exploit: http://service.real.com/help/faq/servg260.html Regards, Ryan _____________________ Ryan Hill MCSE, MCP+I Information Technology Systems Specialist TVW, Washington State's Public Affairs Network http://www.tvw.org -----Original Message----- From: dark spyrit [mailto:dspyrit () BEAVUH ORG] Sent: Thursday, November 04, 1999 6:26 AM To: NTBUGTRAQ () LISTSERV NTBUGTRAQ COM Subject: RealNetworks RealServer G2 buffer overflow. As everyone seems to have the giving spirit at present, here's a little something from the beavuh crew. A buffer overflow exists in the web authentication on the RealServer administrator port. By sending a long user/password pair you can overflow the buffer and execute arbitrary code. e.g. - GET /admin/index.html HTTP/1.0 Connection: Keep-Alive .... Authorization: Basic <long base64 encoded user/password> As basic authorization is base64 encoded, this made coding an exploit extremely annoying - but, of course, could be done. <snip>
Current thread:
- Re: RealNetworks RealServer G2 buffer overflow. (fwd) dark spyrit (Nov 16)