Bugtraq mailing list archives

Re: Remote DoS attack in Real Networks Real Server (Strike #2) vulnerability

From: ryan () SECURITYFOCUS COM (Ryan Russell)
Date: Thu, 1 Jun 2000 17:02:46 -0700


I believe I have a temporary workaround.

In the rmserver.cfg file, there's a section like this:

<!-- H T T P S U P P O R T --> <List Name="HTTPDeliverable">
    <Var Path_0="/admin"/>
    <Var Path_1="/ramgen"/>
    <Var Path_2="/farm"/>
    <Var Path_3="/httpfs"/>
    <Var Path_4="/viewsource"/>
</List>

On my Real server, I've removed this line:
<Var Path_4="/viewsource"/>

I *think* this only has the consequence that people can't pull down file
details for audio content for the moment.  We can still serve up audio
just fine.

                                Ryan

Current thread:

Re: Remote DoS attack in Real Networks Real Server (Strike #2) vulnerability Ryan Russell (Jun 01)
- Re: Remote DoS attack in Real Networks Real Server (Strike #2) vulnerability Christopher Schulte (Jun 02)
- bind running as root in Mandrake 7.0 Nicolas MONNET (Jun 03)
  - Re: bind running as root in Mandrake 7.0 Brock Sides (Jun 03)
  - Re: bind running as root in Mandrake 7.0 White Vampire (Jun 03)
  - Re: bind running as root in Mandrake 7.0 Andrew L . Davis (Jun 04)
    - Re: bind running as root in Mandrake 7.0 Elias Levy (Jun 08)
    - Circumventing Outlook Security Update File Download Security With IFRAMEs cassius () HUSHMAIL COM (Jun 09)
    - Re: bind running as root in Mandrake 7.0 Nathan Neulinger (Jun 11)
    - Remote DoS for Mercur 3.2 |[TDP]| (Jun 13)
    - Vulnerability in Solaris ufsrestore Job de Haas (Jun 14)

(Thread continues...)