Bugtraq mailing list archives

Re: RealNetworks RealServer G2 buffer overflow. (fwd)


From: dspyrit () BEAVUH ORG (dark spyrit)
Date: Wed, 17 Nov 1999 15:44:50 +1300


---------- Forwarded message ----------
Date: Mon, 15 Nov 1999 15:37:55 -0800
From: Ryan Hill <ryan () tvw org>
To: 'dark spyrit' <dspyrit () BEAVUH ORG>
Cc: "'ntbugtraq () ntbugtraq com'" <ntbugtraq () ntbugtraq com>
Subject: RE: RealNetworks RealServer G2 buffer overflow.

Update:

Since I did not see a resolution posted to the list, nor did I ever receive
an announcement or notice from RealNetworks of a released fix, I thought the
list would appreciate the update for this particular exploit:

http://service.real.com/help/faq/servg260.html

Regards,
Ryan

_____________________
Ryan Hill MCSE, MCP+I
Information Technology Systems Specialist
TVW, Washington State's Public Affairs Network
http://www.tvw.org

-----Original Message-----
From: dark spyrit [mailto:dspyrit () BEAVUH ORG]
Sent: Thursday, November 04, 1999 6:26 AM
To: NTBUGTRAQ () LISTSERV NTBUGTRAQ COM
Subject: RealNetworks RealServer G2 buffer overflow.

As everyone seems to have the giving spirit at present, here's a little
something from the beavuh crew.

A buffer overflow exists in the web authentication on the
RealServer administrator port. By sending a long user/password pair you
can overflow the buffer and execute arbitrary code.

e.g. -

GET /admin/index.html HTTP/1.0
Connection: Keep-Alive
....
Authorization: Basic <long base64 encoded user/password>

As basic authorization is base64 encoded, this made coding an exploit
extremely annoying - but, of course, could be done.

<snip>

